Mijn log :)

**Laurens** · 29 December 2005, 14:07

Zit met wat trage pc enzo en zou graag eens een check doen

Logfile of HijackThis v1.99.1
Scan saved at 13:03:10, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\apptr32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\netvr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Save\Save.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Laurens\Bureaublad\hjtgedoe\HijackThis.ex e

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchzoomer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Laurens\Application Data\Mozilla\Profiles\default\lcldkchw.slt\prefs.j s)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {18BC661B-CA52-BB63-83A2-D754F9603539} - C:\WINDOWS\system32\mfcxd.dll
O2 - BHO: Class - {1D05561B-DD9B-F49D-6A11-B07C2D63FF20} - C:\WINDOWS\netcn32.dll
O2 - BHO: Class - {34A8CD29-0291-456B-C7E0-3FD293B0AE90} - C:\WINDOWS\system32\mstk.dll
O2 - BHO: Class - {3F300A97-6990-3673-92B7-FCDF52055C5F} - C:\WINDOWS\system32\syspb.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: Class - {4A7EFE21-0DA2-210A-D61C-5B30C3F53702} - C:\WINDOWS\system32\netts.dll
O2 - BHO: Class - {4FC7118F-CEC2-4822-4FA2-BD496C690A0C} - C:\WINDOWS\ieme32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {5F4CF23D-5370-7E4F-F006-FB29CBB4A970} - C:\WINDOWS\mfcwl32.dll
O2 - BHO: Class - {8B043766-611B-3F26-B402-87942B3D9825} - C:\WINDOWS\system32\atloh32.dll
O2 - BHO: Class - {991D3490-2A99-F7AE-8C3A-33A16AA22B1F} - C:\WINDOWS\system32\mfcke.dll
O2 - BHO: Class - {BDA8AF27-D057-4727-6CE7-CFF4CE61A0FD} - C:\WINDOWS\sysdj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BE14A955-DD6C-A165-6A81-393FF536A2E2} - C:\WINDOWS\system32\ntar.dll
O2 - BHO: Class - {C5B3F192-ABCE-2822-DCF4-FB06321A24FE} - C:\WINDOWS\apito32.dll
O2 - BHO: Class - {C97CB847-28A7-9898-6A69-C9307ABFC8EC} - C:\WINDOWS\system32\d3ux32.dll
O2 - BHO: Class - {E63F1C8C-F268-E0E3-67B6-E79D4A5DD48E} - C:\WINDOWS\d3sl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SysMon] C:\WINDOWS\System32\telnet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] C:\Program Files\Blokker Offline Software\Agent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netvr.exe] C:\WINDOWS\system32\netvr.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apptr32.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Bij voorbaat al dank

**jurgenv** · 29 December 2005, 14:54

1) Ga naar Configuratiescherm > Software. Kijk of New.net Domains of New.net Application in de softwarelijst staat en, zo ja, deïnstalleer dit.
Staat het niet in de softwarelijst of lukt het deïnstalleren niet, ga dan naar 2).

2) Kijk in de map C:\Program Files\NewDotNet of daarin een uninstaller staat. Die uninstaller heet uninstallX_XX.exe (waarbij de X'en staan voor cijfers). Zo ja, dubbelklik daarop om New.net te verwijderen.
Lukt het op deze manier niet, ga dan naar 3).

3) Kijk in de map C:\Windows of daarin een uninstaller staat. Die uninstaller heet NDNuninstallx_xx.exe (waarbij de X'en staan voor cijfers). Zo ja, dubbelklik daarop om New.net te verwijderen.
Lukt het op deze manier niet, ga dan naar 4).

4) Download deze uninstaller, plaats het op je bureaublad. Dubbelklik op NNuninstall.exe, dat nu op je bureaublad staat, om New.net te verwijderen.

Na het verwijderen van New.net, moet de pc opnieuw worden opgestart. Maak daarna een nieuw HijackThis-log en plaats dat hier.

**Laurens** · 29 December 2005, 19:23

Het is verwijderd via stap 1

Nieuwe log :

Logfile of HijackThis v1.99.1
Scan saved at 18:26:01, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\apptr32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\netvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Save\Save.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Laurens\Bureaublad\hjtgedoe\HijackThis.ex e

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iniug.dll/sp.html#12047
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchzoomer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Laurens\Application Data\Mozilla\Profiles\default\lcldkchw.slt\prefs.j s)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {18BC661B-CA52-BB63-83A2-D754F9603539} - C:\WINDOWS\system32\mfcxd.dll
O2 - BHO: Class - {1D05561B-DD9B-F49D-6A11-B07C2D63FF20} - C:\WINDOWS\netcn32.dll
O2 - BHO: Class - {34A8CD29-0291-456B-C7E0-3FD293B0AE90} - C:\WINDOWS\system32\mstk.dll
O2 - BHO: Class - {3F300A97-6990-3673-92B7-FCDF52055C5F} - C:\WINDOWS\system32\syspb.dll
O2 - BHO: Class - {4A7EFE21-0DA2-210A-D61C-5B30C3F53702} - C:\WINDOWS\system32\netts.dll
O2 - BHO: Class - {4FC7118F-CEC2-4822-4FA2-BD496C690A0C} - C:\WINDOWS\ieme32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {5F4CF23D-5370-7E4F-F006-FB29CBB4A970} - C:\WINDOWS\mfcwl32.dll
O2 - BHO: Class - {8B043766-611B-3F26-B402-87942B3D9825} - C:\WINDOWS\system32\atloh32.dll
O2 - BHO: Class - {991D3490-2A99-F7AE-8C3A-33A16AA22B1F} - C:\WINDOWS\system32\mfcke.dll
O2 - BHO: Class - {BDA8AF27-D057-4727-6CE7-CFF4CE61A0FD} - C:\WINDOWS\sysdj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BE14A955-DD6C-A165-6A81-393FF536A2E2} - C:\WINDOWS\system32\ntar.dll
O2 - BHO: Class - {C5B3F192-ABCE-2822-DCF4-FB06321A24FE} - C:\WINDOWS\apito32.dll
O2 - BHO: Class - {C97CB847-28A7-9898-6A69-C9307ABFC8EC} - C:\WINDOWS\system32\d3ux32.dll
O2 - BHO: Class - {E63F1C8C-F268-E0E3-67B6-E79D4A5DD48E} - C:\WINDOWS\d3sl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SysMon] C:\WINDOWS\System32\telnet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] C:\Program Files\Blokker Offline Software\Agent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netvr.exe] C:\WINDOWS\system32\netvr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apptr32.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

is het btw een pittige log?

**jurgenv** · 29 December 2005, 19:25

1. Download CWShredder.
Plaats het op een plaats waar je het snel terugvindt.
Nog niet laten runnen!

2. Download AboutBuster.
Unzip AboutBuster.zip. Je zal een map te zien krijgen met daarin Aboutbuster.exe en reflist.dll.
Dubbelklik vanuit die map op AboutBuster.exe. Klik OK, Update, Check For Update en download de updates indien aanwezig.
Daarna klik je op afsluiten, want nu mag je het programma nog niet laten scannen.
(Indien je een foutmelding krijgt in aboutbuster, of het programma werkt niet, download missingfilesetup.exe
Blijf je nog steeds die foutmelding krijgen, post het dan eerst hier vooraleer je verder gaat met de volgende stappen. Meldt er wel duidelijk bij welke foutmelding je juist krijgt.

3. Download hsafix.
Unzip hsafix op je bureaublad maar klik er nog niet op.

4. Download en installeer CCleaner
Nog niet gebruiken!

5. Zorg ervoor dat je verborgen mappen en bestanden weergegeven zijn.
Ga naar Start en klik op Deze computer.
In de menubalk selecteer je Extra en dan Mapopties.
Selecteer de tab Weergave.
Bij Verborgen bestanden en mappen selecteer je Verborgen bestanden en mappen weergeven.
Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen).
Klik op Ja om dit te bevestigen.
Klik op OK.

6. Start nu je pc op in VEILIGE MODE.
Tijdens het opstarten hou je de F8-toets ingedrukt tot het opstartmenu verschijnt.
In dit menu kies je de optie "Veilige modus".

7. Start CWShredder en klik op FIX

8. Dubbelklik nu op hsafix die je in het begin hebt gedownload naar je bureaublad.
Als er gevraagd wordt of je het wil toevoegen aan het register moet je op ja klikken.

9. Start Aboutbuster en laat het scannen.
Laat het daarna nog eens scannen om er zeker van te zijn dat aboutbuster effectief zijn werk kan afmaken.
Klik daarna op 'save log'

10. Start CCleaner en klik op Ccleaner opstarten (onderaan rechts)

11. Reboot je pc terug naar normale mode.

12. Doe daarna een online virusscan:TrendMicro Housecall
Vink het vakje met Auto Clean aan.
Laat het volledig je systeem scannen (Dit zal een tijdje duren)

13. Post een nieuw hijackthislogje + het logje van aboutbuster

14. Vertel me ook welke problemen je ondervonden hebt (indien die aanwezig waren) tijdens het uitvoeren van deze stappen.

**Laurens** · 29 December 2005, 19:31

Maar best het zekere voor het onzekere nemen..

Oorspronkelijk geplaatst door jurgenv

Unzip AboutBuster.zip. Je zal een map te zien krijgen met daarin Aboutbuster.exe en reflist.dll.

In mijn unzipte map zitten enkel Aboutbuster.exe & een readme bestand ..
Geen reflist.dll dus.. Negeren en doorgaan?

**jurgenv** · 29 December 2005, 19:34

jep doorgaan

en als je geen 'update' knop vind, klik dan op 'begin removal'

**Laurens** · 29 December 2005, 19:45

Ok bezig.. Wel vreemd; eerst zei je nog niet laten lopen; en nu moest ik op begin removal klikken :P
Hij heeft nu zeer veel c:\\windows\... folders zitten deleten en gaf deze prompt : 'it appears a CWS infection has been found on your PC. Would you like to reset your internet explorer settings? This will also remove all files from the temp folder.' Hierop 'yes' geantwoord en toen ging hij dus verder..

AboutBusterlog =>

AboutBuster 6.0
Scan started on [29/12/2005] at [18:41:07]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\0.log:aflvkz
Removed Stream! C:\WINDOWS\AdfuUpdate.inf:mtimez
Removed Stream! C:\WINDOWS\ARJ.PIF:zcpedl
Removed Stream! C:\WINDOWS\aucfg.ini:tueto
Removed Stream! C:\WINDOWS\AuHCcup1.ini:fuszyb
Removed Stream! C:\WINDOWS\cdplayer.ini:xbezls
Removed Stream! C:\WINDOWS\clock.avi:dbsoeq
Removed Stream! C:\WINDOWS\CMAUDIO.INFupenv
Removed Stream! C:\WINDOWS\CMAUDIO.INF:qvekuw
Removed Stream! C:\WINDOWS\CMISETUP.INI:vbktza
Removed Stream! C:\WINDOWS\cmuninst.dat:iwoxoy
Removed Stream! C:\WINDOWS\comsetup.log:hcqviv
Removed Stream! C:\WINDOWS\control.ini:zcrop
Removed Stream! C:\WINDOWS\desktop.ini:tphdrj
Removed Stream! C:\WINDOWS\edkfv.txt:ahytb
Removed Stream! C:\WINDOWS\explorer.scf:lpzilt
Removed Stream! C:\WINDOWS\explorer.scf:sdtfwi
Removed Stream! C:\WINDOWS\GEARInstall.log:lgksh
Removed Stream! C:\WINDOWS\GetServer.ini:ljbmy
Removed Stream! C:\WINDOWS\GetServer.ini:qdtgf
Removed Stream! C:\WINDOWS\gmgcw.txt:dfwysc
Removed Stream! C:\WINDOWS\Groensteen.bmp:uxgsi
Removed Stream! C:\WINDOWS\iis6.log:xogclu
Removed Stream! C:\WINDOWS\imsins.BAK:oigqx
Removed Stream! C:\WINDOWS\imsins.BAK:yjqeur
Removed Stream! C:\WINDOWS\InfModM.ini:qpyhoe
Removed Stream! C:\WINDOWS\jautoexp.dat:qkajwu
Removed Stream! C:\WINDOWS\KB828741.log:iffdtg
Removed Stream! C:\WINDOWS\KB828741.log:iprmih
Removed Stream! C:\WINDOWS\Kopje koffie.bmp:aqbakr
Removed Stream! C:\WINDOWS\mammr.txt:kytwv
Removed Stream! C:\WINDOWS\ModemLog_V9X HAM 1394V.txt:cthdb
Removed Stream! C:\WINDOWS\msdfmap.ini:vfdqb
Removed Stream! C:\WINDOWS\msgsocm.log:vzwgr
Removed Stream! C:\WINDOWS\n_lqacqp.log:fndba
Removed Stream! C:\WINDOWS\orun32.ini:qirbu
Removed Stream! C:\WINDOWS\oxzeo.log:zntqk
Removed Stream! C:\WINDOWS\Prairie.bmp:bsljd
Removed Stream! C:\WINDOWS\pupen.txt:oszixa
Removed Stream! C:\WINDOWS\Q323255.log:vppoa
Removed Stream! C:\WINDOWS\Q329048.log:whsvry
Removed Stream! C:\WINDOWS\Q329115.log:iprph
Removed Stream! C:\WINDOWS\Q329170.log:ysrnrl
Removed Stream! C:\WINDOWS\Q329390.log:mtouz
Removed Stream! C:\WINDOWS\Q329390.log:oilita
Removed Stream! C:\WINDOWS\Q329834.log:rtkatn
Removed Stream! C:\WINDOWS\Q811630.log:juvgnx
Removed Stream! C:\WINDOWS\QTFont.for:ejmfy
Removed Stream! C:\WINDOWS\Rhododendron.bmp:usipso
Removed Stream! C:\WINDOWS\Rivier Sumida.bmp:vrttoz
Removed Stream! C:\WINDOWS\SchedLgU.Txt:bmatbb
Removed Stream! C:\WINDOWS\setupact.log:gnjqn
Removed Stream! C:\WINDOWS\setuperr.log:gsedkm
Removed Stream! C:\WINDOWS\smscfg.inibwyq
Removed Stream! C:\WINDOWS\Sti_Trace.log:qtojnx
Removed Stream! C:\WINDOWS\svcpack.log:rmkpgu
Removed Stream! C:\WINDOWS\tmupdate.ini:juhwhz
Removed Stream! C:\WINDOWS\tsc.ini:cieod
Removed Stream! C:\WINDOWS\tsc.ptn:knduae
Removed Stream! C:\WINDOWS\tsc.ptn:qglbi
Removed Stream! C:\WINDOWS\tsoc.log:cajhf
Removed Stream! C:\WINDOWS\UC.PIF:lelcj
Removed Stream! C:\WINDOWS\ulead32.ini:upgfwr
Removed Stream! C:\WINDOWS\vb.ini:enpll
Removed Stream! C:\WINDOWS\vb.ini:vsermh
Removed Stream! C:\WINDOWS\VERSION.TXT:rrela
Removed Stream! C:\WINDOWS\vminst.log:izlojn
Removed Stream! C:\WINDOWS\VPTNFILE.546:eazes
Removed Stream! C:\WINDOWS\wiadebug.log:baecdx
Removed Stream! C:\WINDOWS\winamp.ini:tbwhfa
Removed Stream! C:\WINDOWS\wincmd.ini:maxip
Removed Stream! C:\WINDOWS\wincmd.inimkgan
Removed Stream! C:\WINDOWS\winnt.bmp:indtcy
Removed Stream! C:\WINDOWS\winnt.bmp:muhmzk
Removed Stream! C:\WINDOWS\wmsetup10.log:lmqsv
Removed Stream! C:\WINDOWS\Zeepbellen.bmp:mqplh
Removed Stream! C:\WINDOWS\_default.pif:abnwl
Removed Stream! C:\WINDOWS\_default.pif:bjmgng
Removed Stream! C:\WINDOWS\_default.pif:bzmpvj
Removed Stream! C:\WINDOWS\_default.pif:coombi
Removed Stream! C:\WINDOWS\_default.pif:cvdms
Removed Stream! C:\WINDOWS\_default.pif:darmmc
Removed Stream! C:\WINDOWS\_default.pif:ddjuk
Removed Stream! C:\WINDOWS\_default.pif:dsbms
Removed Stream! C:\WINDOWS\_default.pif:efdnxz
Removed Stream! C:\WINDOWS\_default.pif:ekwvy
Removed Stream! C:\WINDOWS\_default.pif:eliwle
Removed Stream! C:\WINDOWS\_default.pif:fchmw
Removed Stream! C:\WINDOWS\_default.pif:fnxii
Removed Stream! C:\WINDOWS\_default.pif:ggcbbl
Removed Stream! C:\WINDOWS\_default.pif:gxjbs
Removed Stream! C:\WINDOWS\_default.pif:hftqqp
Removed Stream! C:\WINDOWS\_default.pif:hshob
Removed Stream! C:\WINDOWS\_default.pif:huxki
Removed Stream! C:\WINDOWS\_default.pif:hvtky
Removed Stream! C:\WINDOWS\_default.pif:iiutsw
Removed Stream! C:\WINDOWS\_default.pif:ilrvd
Removed Stream! C:\WINDOWS\_default.pif:iradg
Removed Stream! C:\WINDOWS\_default.pif:jkcjt
Removed Stream! C:\WINDOWS\_default.pif:jrmmo
Removed Stream! C:\WINDOWS\_default.pif:jwwhgg
Removed Stream! C:\WINDOWS\_default.pif:kthsc
Removed Stream! C:\WINDOWS\_default.pif:lczhla
Removed Stream! C:\WINDOWS\_default.pif:lmkidx
Removed Stream! C:\WINDOWS\_default.pif:maxcxm
Removed Stream! C:\WINDOWS\_default.pif:mlprjb
Removed Stream! C:\WINDOWS\_default.pif:nmxzj
Removed Stream! C:\WINDOWS\_default.pif:nxbxf
Removed Stream! C:\WINDOWS\_default.pif:obelgy
Removed Stream! C:\WINDOWS\_default.pif:ofjwza
Removed Stream! C:\WINDOWS\_default.pif:oftdr
Removed Stream! C:\WINDOWS\_default.pif:ohpjj
Removed Stream! C:\WINDOWS\_default.pif:olido
Removed Stream! C:\WINDOWS\_default.pif:qvsxs
Removed Stream! C:\WINDOWS\_default.pif:rvlbev
Removed Stream! C:\WINDOWS\_default.pif:sbxcwn
Removed Stream! C:\WINDOWS\_default.pif:thotqh
Removed Stream! C:\WINDOWS\_default.pif:tilkc
Removed Stream! C:\WINDOWS\_default.pif:tjmfy
Removed Stream! C:\WINDOWS\_default.pif:tmvfa
Removed Stream! C:\WINDOWS\_default.pif:ultym
Removed Stream! C:\WINDOWS\_default.pif:uukly
Removed Stream! C:\WINDOWS\_default.pif:vaugeo
Removed Stream! C:\WINDOWS\_default.pif:vphvq
Removed Stream! C:\WINDOWS\_default.pif:wddzhm
Removed Stream! C:\WINDOWS\_default.pif:xqxlk
Removed Stream! C:\WINDOWS\_default.pif:xrsed
Removed Stream! C:\WINDOWS\_default.pif:ytnjbd
Removed Stream! C:\WINDOWS\_default.pif:yzfqb
Removed Stream! C:\WINDOWS\_default.pif:zjtcf
Removed Stream! C:\WINDOWS\_default.pif:zutwkl
Removed Stream! C:\WINDOWS\_default.pif:zzugvv
-------------------------------------------------------------
Removed File! : C:\WINDOWS\addff.exe
Removed File! : C:\WINDOWS\addgi32.exe
Removed File! : C:\WINDOWS\addhz32.exe
Removed File! : C:\WINDOWS\addjp.exe
Removed File! : C:\WINDOWS\addlc32.exe
Removed File! : C:\WINDOWS\addpa32.exe
Removed File! : C:\WINDOWS\addqd32.exe
Removed File! : C:\WINDOWS\addqj.exe
Removed File! : C:\WINDOWS\addrf32.exe
Removed File! : C:\WINDOWS\addzn32.exe
Removed File! : C:\WINDOWS\apiea.exe
Removed File! : C:\WINDOWS\apima.exe
Removed File! : C:\WINDOWS\apimu32.exe
Removed File! : C:\WINDOWS\apito32.dll
Removed File! : C:\WINDOWS\apizv32.exe
Removed File! : C:\WINDOWS\appeu.exe
Removed File! : C:\WINDOWS\appfv.exe
Removed File! : C:\WINDOWS\appfx.exe
Removed File! : C:\WINDOWS\appgg.exe
Removed File! : C:\WINDOWS\appmv.exe
Removed File! : C:\WINDOWS\appnt.exe
Removed File! : C:\WINDOWS\appvj32.exe
Removed File! : C:\WINDOWS\atlcl.exe
Removed File! : C:\WINDOWS\atldb32.exe
Removed File! : C:\WINDOWS\atldm32.exe
Removed File! : C:\WINDOWS\atlgh.exe
Removed File! : C:\WINDOWS\atlmp32.exe
Removed File! : C:\WINDOWS\atlqp32.exe
Removed File! : C:\WINDOWS\atlrh.exe
Removed File! : C:\WINDOWS\cfiat.log
Removed File! : C:\WINDOWS\cmrsw.txt
Removed File! : C:\WINDOWS\cral32.exe
Removed File! : C:\WINDOWS\crga.exe
Removed File! : C:\WINDOWS\crvf.exe
Removed File! : C:\WINDOWS\crvp.exe
Removed File! : C:\WINDOWS\cryo32.exe
Removed File! : C:\WINDOWS\d3df.exe
Removed File! : C:\WINDOWS\d3ic32.exe
Removed File! : C:\WINDOWS\d3ji32.exe
Removed File! : C:\WINDOWS\d3jw.exe
Removed File! : C:\WINDOWS\d3on32.exe
Removed File! : C:\WINDOWS\d3ps32.exe
Removed File! : C:\WINDOWS\d3sl.dll
Removed File! : C:\WINDOWS\d3wq.exe
Removed File! : C:\WINDOWS\d3xd32.exe
Removed File! : C:\WINDOWS\d3ya32.exe
Removed File! : C:\WINDOWS\edkfv.txt
Removed File! : C:\WINDOWS\gmgcw.txt
Removed File! : C:\WINDOWS\gmqne.dll
Removed File! : C:\WINDOWS\hdncd.log
Removed File! : C:\WINDOWS\hnixv.dat
Removed File! : C:\WINDOWS\iecs.exe
Removed File! : C:\WINDOWS\iega32.exe
Removed File! : C:\WINDOWS\iegs.exe
Removed File! : C:\WINDOWS\iehl.exe
Removed File! : C:\WINDOWS\iekq.exe
Removed File! : C:\WINDOWS\ieme32.dll
Removed File! : C:\WINDOWS\ienh32.exe
Removed File! : C:\WINDOWS\ierr.exe
Removed File! : C:\WINDOWS\ieuk.exe
Removed File! : C:\WINDOWS\iewj32.exe
Removed File! : C:\WINDOWS\iewu32.exe
Removed File! : C:\WINDOWS\ipef32.exe
Removed File! : C:\WINDOWS\ipgt32.exe
Removed File! : C:\WINDOWS\ipih32.exe
Removed File! : C:\WINDOWS\ippw.exe
Removed File! : C:\WINDOWS\ipqz32.exe
Removed File! : C:\WINDOWS\ipsc.exe
Removed File! : C:\WINDOWS\iptd.exe
Removed File! : C:\WINDOWS\ipvr32.exe
Removed File! : C:\WINDOWS\ipvu.exe
Removed File! : C:\WINDOWS\ipwk.exe
Removed File! : C:\WINDOWS\ipxa32.exe
Removed File! : C:\WINDOWS\ipzg.exe
Removed File! : C:\WINDOWS\javaiy32.exe
Removed File! : C:\WINDOWS\javapx32.exe
Removed File! : C:\WINDOWS\javayx32.exe
Removed File! : C:\WINDOWS\kpkxg.dat
Removed File! : C:\WINDOWS\ljpsi.txt
Removed File! : C:\WINDOWS\mammr.txt
Removed File! : C:\WINDOWS\mfcan.exe
Removed File! : C:\WINDOWS\mfcbr.exe
Removed File! : C:\WINDOWS\mfccj.exe
Removed File! : C:\WINDOWS\mfcer32.exe
Removed File! : C:\WINDOWS\mfcju.exe
Removed File! : C:\WINDOWS\mfckq.exe
Removed File! : C:\WINDOWS\mfcsq.exe
Removed File! : C:\WINDOWS\mfcvl32.exe
Removed File! : C:\WINDOWS\mfcwl32.dll
Removed File! : C:\WINDOWS\mfcyu.exe
Removed File! : C:\WINDOWS\mshy.exe
Removed File! : C:\WINDOWS\msit32.exe
Removed File! : C:\WINDOWS\mssd.exe
Removed File! : C:\WINDOWS\msub32.exe
Removed File! : C:\WINDOWS\mswz32.exe
Removed File! : C:\WINDOWS\netab.exe
Removed File! : C:\WINDOWS\netcn32.dll
Removed File! : C:\WINDOWS\netdq.exe
Removed File! : C:\WINDOWS\netgf.exe
Removed File! : C:\WINDOWS\netgf32.exe
Removed File! : C:\WINDOWS\netkd32.exe
Removed File! : C:\WINDOWS\netmb.exe
Removed File! : C:\WINDOWS\netnw.exe
Removed File! : C:\WINDOWS\netov32.exe
Removed File! : C:\WINDOWS\netph.exe
Removed File! : C:\WINDOWS\netrc32.exe
Removed File! : C:\WINDOWS\netuv32.exe
Removed File! : C:\WINDOWS\netzb.exe
Removed File! : C:\WINDOWS\ntar32.exe
Removed File! : C:\WINDOWS\ntpl32.exe
Removed File! : C:\WINDOWS\ntqf.exe
Removed File! : C:\WINDOWS\ntqr.exe
Removed File! : C:\WINDOWS\n_crpitl.log
Removed File! : C:\WINDOWS\n_lqacqp.log
Removed File! : C:\WINDOWS\n_oswahm.dat
Removed File! : C:\WINDOWS\qmsue.txt
Removed File! : C:\WINDOWS\rojvs.txt
Removed File! : C:\WINDOWS\sdkdu.exe
Removed File! : C:\WINDOWS\sdkfg32.exe
Removed File! : C:\WINDOWS\sdkfn32.exe
Removed File! : C:\WINDOWS\sdkfw32.exe
Removed File! : C:\WINDOWS\sdkgl.exe
Removed File! : C:\WINDOWS\sdkkr.exe
Removed File! : C:\WINDOWS\sdkmd.exe
Removed File! : C:\WINDOWS\sdkov32.exe
Removed File! : C:\WINDOWS\sdkts32.exe
Removed File! : C:\WINDOWS\sdkyx.exe
Removed File! : C:\WINDOWS\snoav.dat
Removed File! : C:\WINDOWS\srszl.dat
Removed File! : C:\WINDOWS\sysdj.dll
Removed File! : C:\WINDOWS\syseh32.exe
Removed File! : C:\WINDOWS\sysep32.exe
Removed File! : C:\WINDOWS\sysfs32.exe
Removed File! : C:\WINDOWS\sysgg.exe
Removed File! : C:\WINDOWS\syshj32.exe
Removed File! : C:\WINDOWS\syshm.exe
Removed File! : C:\WINDOWS\syshs32.exe
Removed File! : C:\WINDOWS\sysqh.exe
Removed File! : C:\WINDOWS\sysww.exe
Removed File! : C:\WINDOWS\winag32.exe
Removed File! : C:\WINDOWS\winit32.exe
Removed File! : C:\WINDOWS\winmg.exe
Removed File! : C:\WINDOWS\winsu.exe
Removed File! : C:\WINDOWS\wintw.exe
Removed File! : C:\WINDOWS\wllhl.log
Removed File! : C:\WINDOWS\wlxny.txt
Removed File! : C:\WINDOWS\xjktk.dll
Removed File! : C:\WINDOWS\System32\addah.exe
Removed File! : C:\WINDOWS\System32\addea32.exe
Removed File! : C:\WINDOWS\System32\addey32.exe
Removed File! : C:\WINDOWS\System32\addfs32.exe
Removed File! : C:\WINDOWS\System32\addgd32.exe
Removed File! : C:\WINDOWS\System32\addgv.exe
Removed File! : C:\WINDOWS\System32\addhe32.exe
Removed File! : C:\WINDOWS\System32\addif.exe
Removed File! : C:\WINDOWS\System32\addoe32.exe
Removed File! : C:\WINDOWS\System32\addpm.exe
Removed File! : C:\WINDOWS\System32\addqx.exe
Removed File! : C:\WINDOWS\System32\addye.exe
Removed File! : C:\WINDOWS\System32\apibj.exe
Removed File! : C:\WINDOWS\System32\apicc32.exe
Removed File! : C:\WINDOWS\System32\apidh.exe
Removed File! : C:\WINDOWS\System32\apimg32.exe
Removed File! : C:\WINDOWS\System32\apiox32.exe
Removed File! : C:\WINDOWS\System32\apiqc.exe
Removed File! : C:\WINDOWS\System32\apite.exe
Removed File! : C:\WINDOWS\System32\apiue.exe
Removed File! : C:\WINDOWS\System32\apivf32.exe
Removed File! : C:\WINDOWS\System32\apivl32.exe
Removed File! : C:\WINDOWS\System32\apiwd.exe
Removed File! : C:\WINDOWS\System32\apiwh.exe
Removed File! : C:\WINDOWS\System32\appaq.exe
Removed File! : C:\WINDOWS\System32\appdx.exe
Removed File! : C:\WINDOWS\System32\apphw.exe
Removed File! : C:\WINDOWS\System32\appkd32.exe
Removed File! : C:\WINDOWS\System32\appli32.exe
Removed File! : C:\WINDOWS\System32\applm32.exe
Removed File! : C:\WINDOWS\System32\appma.exe
Removed File! : C:\WINDOWS\System32\appmr32.exe
Removed File! : C:\WINDOWS\System32\appnx32.exe
Removed File! : C:\WINDOWS\System32\appoj.exe
Removed File! : C:\WINDOWS\System32\appol32.exe
Removed File! : C:\WINDOWS\System32\appql32.exe
Removed File! : C:\WINDOWS\System32\apptr32.exe
Removed File! : C:\WINDOWS\System32\apptv.exe
Removed File! : C:\WINDOWS\System32\aqrjo.txt
Removed File! : C:\WINDOWS\System32\atlbv.exe
Removed File! : C:\WINDOWS\System32\atlhc32.exe
Removed File! : C:\WINDOWS\System32\atliy.exe
Removed File! : C:\WINDOWS\System32\atloh32.dll
Removed File! : C:\WINDOWS\System32\atlvh.exe
Removed File! : C:\WINDOWS\System32\crid.exe
Removed File! : C:\WINDOWS\System32\crpw.exe
Removed File! : C:\WINDOWS\System32\crra32.exe
Removed File! : C:\WINDOWS\System32\crsn.exe
Removed File! : C:\WINDOWS\System32\crsp32.exe
Removed File! : C:\WINDOWS\System32\cruy.exe
Removed File! : C:\WINDOWS\System32\d3cd.exe
Removed File! : C:\WINDOWS\System32\d3da.exe
Removed File! : C:\WINDOWS\System32\d3fo.exe
Removed File! : C:\WINDOWS\System32\d3gr.exe
Removed File! : C:\WINDOWS\System32\d3hj32.exe
Removed File! : C:\WINDOWS\System32\d3ju.exe
Removed File! : C:\WINDOWS\System32\d3nv.exe
Removed File! : C:\WINDOWS\System32\d3qq.exe
Removed File! : C:\WINDOWS\System32\d3tg32.exe
Removed File! : C:\WINDOWS\System32\d3ux32.dll
Removed File! : C:\WINDOWS\System32\d3wt.exe
Removed File! : C:\WINDOWS\System32\darmm.dat
Removed File! : C:\WINDOWS\System32\dretr.log
Removed File! : C:\WINDOWS\System32\ftyec.dll
Removed File! : C:\WINDOWS\System32\gmpsm.txt
Removed File! : C:\WINDOWS\System32\grtrp.dll
Removed File! : C:\WINDOWS\System32\iefa.exe
Removed File! : C:\WINDOWS\System32\ienp.exe
Removed File! : C:\WINDOWS\System32\iesr32.exe
Removed File! : C:\WINDOWS\System32\ieys32.exe
Removed File! : C:\WINDOWS\System32\ieyt32.exe
Removed File! : C:\WINDOWS\System32\indtc.dat
Removed File! : C:\WINDOWS\System32\iniug.dll
Removed File! : C:\WINDOWS\System32\ipbc32.exe
Removed File! : C:\WINDOWS\System32\ipid.exe
Removed File! : C:\WINDOWS\System32\ipid32.exe
Removed File! : C:\WINDOWS\System32\iplr.exe
Removed File! : C:\WINDOWS\System32\ipsq32.exe
Removed File! : C:\WINDOWS\System32\ipyu.exe
Removed File! : C:\WINDOWS\System32\javacr32.exe
Removed File! : C:\WINDOWS\System32\javagh32.exe
Removed File! : C:\WINDOWS\System32\javajp32.exe
Removed File! : C:\WINDOWS\System32\javalb.exe
Removed File! : C:\WINDOWS\System32\javapn.exe
Removed File! : C:\WINDOWS\System32\javavw.exe
Removed File! : C:\WINDOWS\System32\kazik.txt
Removed File! : C:\WINDOWS\System32\keqfh.dat
Removed File! : C:\WINDOWS\System32\kqbgx.dat
Removed File! : C:\WINDOWS\System32\lhyjs.log
Removed File! : C:\WINDOWS\System32\mfccn.exe
Removed File! : C:\WINDOWS\System32\mfcia32.exe
Removed File! : C:\WINDOWS\System32\mfcir.exe
Removed File! : C:\WINDOWS\System32\mfciw.exe
Removed File! : C:\WINDOWS\System32\mfcke.dll
Removed File! : C:\WINDOWS\System32\mfcrr32.exe
Removed File! : C:\WINDOWS\System32\mfcxd.dll
Removed File! : C:\WINDOWS\System32\msek32.exe
Removed File! : C:\WINDOWS\System32\msgj32.exe
Removed File! : C:\WINDOWS\System32\msha32.exe
Removed File! : C:\WINDOWS\System32\msjg32.exe
Removed File! : C:\WINDOWS\System32\msjw32.exe
Removed File! : C:\WINDOWS\System32\msmx32.exe
Removed File! : C:\WINDOWS\System32\mssc32.exe
Removed File! : C:\WINDOWS\System32\mstk.dll
Removed File! : C:\WINDOWS\System32\msxd32.exe
Removed File! : C:\WINDOWS\System32\nakim.dll
Removed File! : C:\WINDOWS\System32\netkk32.exe
Removed File! : C:\WINDOWS\System32\netod32.exe
Removed File! : C:\WINDOWS\System32\nettb.exe
Removed File! : C:\WINDOWS\System32\netts.dll
Removed File! : C:\WINDOWS\System32\netvr.exe
Removed File! : C:\WINDOWS\System32\netvy.exe
Removed File! : C:\WINDOWS\System32\netwb.dll
Removed File! : C:\WINDOWS\System32\ntar.dll
Removed File! : C:\WINDOWS\System32\ntdn.exe
Removed File! : C:\WINDOWS\System32\ntls.exe
Removed File! : C:\WINDOWS\System32\ntlxs.dll
Removed File! : C:\WINDOWS\System32\ntrp.exe
Removed File! : C:\WINDOWS\System32\ntsl.exe
Removed File! : C:\WINDOWS\System32\ownbb.dll
Removed File! : C:\WINDOWS\System32\pvgom.dll
Removed File! : C:\WINDOWS\System32\rerer.dat
Removed File! : C:\WINDOWS\System32\sdkdm32.exe
Removed File! : C:\WINDOWS\System32\sdkfl.exe
Removed File! : C:\WINDOWS\System32\sdknf32.exe
Removed File! : C:\WINDOWS\System32\sdknu.exe
Removed File! : C:\WINDOWS\System32\sdknu32.exe
Removed File! : C:\WINDOWS\System32\sdkqx.exe
Removed File! : C:\WINDOWS\System32\sdktc32.exe
Removed File! : C:\WINDOWS\System32\sdkzv32.exe
Removed File! : C:\WINDOWS\System32\sysjm.exe
Removed File! : C:\WINDOWS\System32\syspb.dll
Removed File! : C:\WINDOWS\System32\sysqj32.exe
Removed File! : C:\WINDOWS\System32\sysqq32.exe
Removed File! : C:\WINDOWS\System32\sysye.exe
Removed File! : C:\WINDOWS\System32\ufwhv.dat
Removed File! : C:\WINDOWS\System32\winiq32.exe
Removed File! : C:\WINDOWS\System32\winoh.exe
Removed File! : C:\WINDOWS\System32\winwq32.exe
Removed File! : C:\WINDOWS\System32\winxh32.exe
Removed File! : C:\WINDOWS\System32\xumxx.dll
Removed File! : C:\WINDOWS\System32\ytspj.dll
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 18:48:32

**jurgenv** · 29 December 2005, 19:49

heb je alles uitgevoerd of alleen de about:buster? als je alles hebt uitgevoerd: mag ik dan een nieuw hijackthis logje zien?

**Laurens** · 29 December 2005, 21:00

Nee excuses; dit was nog neit alle stappen; slechts na stap 2

Zit nu vast aan stap 12; die scansite is echt sloom; en daarnet kreeg ik zelfs een firefox crash

De vorige stappen goed gelukt; Ccleaner had ik al; in stap 9 werd een cws infectie gevonden; in stap 10 werd er een hele hoop (

) rotzooi verwijderd..

Ik zal blijven proberen op die site tot mn pc gescanned is :close

Daarna post ik de AB logjes & een nieuwe hjt

**Laurens** · 29 December 2005, 21:04

Ok kreeg dus na wat prutsen weeral een mozilla crash; denk dat nog eens proberen niet veel zal helpen

Dus Heb in feite alle stappen gedaan behalve stap 12..

Hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 20:06:54, on 29/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Save\Save.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Laurens\Bureaublad\hjtgedoe\HijackThis.ex e

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchzoomer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Laurens\Application Data\Mozilla\Profiles\default\lcldkchw.slt\prefs.j s)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {18BC661B-CA52-BB63-83A2-D754F9603539} - C:\WINDOWS\system32\mfcxd.dll (file missing)
O2 - BHO: Class - {1D05561B-DD9B-F49D-6A11-B07C2D63FF20} - C:\WINDOWS\netcn32.dll (file missing)
O2 - BHO: Class - {34A8CD29-0291-456B-C7E0-3FD293B0AE90} - C:\WINDOWS\system32\mstk.dll (file missing)
O2 - BHO: Class - {3F300A97-6990-3673-92B7-FCDF52055C5F} - C:\WINDOWS\system32\syspb.dll (file missing)
O2 - BHO: Class - {4A7EFE21-0DA2-210A-D61C-5B30C3F53702} - C:\WINDOWS\system32\netts.dll (file missing)
O2 - BHO: Class - {4FC7118F-CEC2-4822-4FA2-BD496C690A0C} - C:\WINDOWS\ieme32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {5F4CF23D-5370-7E4F-F006-FB29CBB4A970} - C:\WINDOWS\mfcwl32.dll (file missing)
O2 - BHO: Class - {8B043766-611B-3F26-B402-87942B3D9825} - C:\WINDOWS\system32\atloh32.dll (file missing)
O2 - BHO: Class - {991D3490-2A99-F7AE-8C3A-33A16AA22B1F} - C:\WINDOWS\system32\mfcke.dll (file missing)
O2 - BHO: Class - {BDA8AF27-D057-4727-6CE7-CFF4CE61A0FD} - C:\WINDOWS\sysdj.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BE14A955-DD6C-A165-6A81-393FF536A2E2} - C:\WINDOWS\system32\ntar.dll (file missing)
O2 - BHO: Class - {C5B3F192-ABCE-2822-DCF4-FB06321A24FE} - C:\WINDOWS\apito32.dll (file missing)
O2 - BHO: Class - {C97CB847-28A7-9898-6A69-C9307ABFC8EC} - C:\WINDOWS\system32\d3ux32.dll (file missing)
O2 - BHO: Class - {E63F1C8C-F268-E0E3-67B6-E79D4A5DD48E} - C:\WINDOWS\d3sl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SysMon] C:\WINDOWS\System32\telnet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] C:\Program Files\Blokker Offline Software\Agent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

De 2 AB logs die gemaakt moesten worden :

boutBuster 6.0
Scan started on [29/12/2005] at [19:31:36]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\_default.pif:iradg
Removed Stream! C:\WINDOWS\_default.pif:xqxlk
Removed Stream! C:\WINDOWS\_default.pif:ytnjbd
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:34:38

AboutBuster 6.0
Scan started on [29/12/2005] at [19:35:26]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:37:28

Edit : excuses voor de dubbelpost

Discussie: Mijn log :)

Discussietools

Discussie doorzoeken

Weergave

Mijn log :)

Re: Mijn log :)

De volgende gebruiker bedankt jurgenv voor deze nuttige post:

Re: Mijn log :)

Re: Mijn log :)

De volgende gebruiker bedankt jurgenv voor deze nuttige post:

Re: Mijn log :)

Re: Mijn log :)

De volgende gebruiker bedankt jurgenv voor deze nuttige post:

Re: Mijn log :)

Re: Mijn log :)

De volgende gebruiker bedankt jurgenv voor deze nuttige post:

Re: Mijn log :)

Re: Mijn log :)

Discussie informatie

Users Browsing this Thread

Soortgelijke discussies

Zo mijn pc

Mijn muis doet gek en ik wil mijn harde schijf leegmaken maar volledig mijn pc op nul

mijn log

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten