kan iemand hier eens helpen [Archief]

Volledige versie bekijken : kan iemand hier eens helpen

Mullie

7 November 2005, 19:15

Ik post dit omdat ik onder andere een redelijk ambetante pop-up krijg van winfix ofzo

Logfile of HijackThis v1.99.1
Scan saved at 18:14:28, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mulnard\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\tbu03867\untitled.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - C:\PROGRA~1\CRAMTO~1\tbu03867\untitled.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\tbu03867\untitled.dll
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N53L1025] "C:\Documents and Settings\Mulnard\Local Settings\Temporary Internet Files\Content.IE5\8527ODY3\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: -=XDP=- The eXtreme Download Place.lnk = C:\Program Files\-=XDP=- The eXtreme Download Place\-=XDP=- The eXtreme Download Place.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://213.224.2.139:8000/IWeb/ActiveX/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

jurgenv

7 November 2005, 19:25

* download en installeer ccleaner (http://www.majorgeeks.com/downloadget.php?id=4191&file=11&evp=a12d758b021af1a4f0a6bfe45b0c7a82)
maar nog niet gebruiken

* ga naar start==>configuratiescherm==>software en de-installeer indien aanwezig:
P2P Networking
altnet
SurfAccuracy
cramtoolbar

* open hijackthis en vink volgende regels aan indien aanwezig:

O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - C:\PROGRA~1\CRAMTO~1\tbu03867\untitled.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\tbu03867\untitled.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N53L1025] "C:\Documents and Settings\Mulnard\Local Settings\Temporary Internet Files\Content.IE5\8527ODY3\WinFixerScannerInstall[1].exe" -nag
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'

* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)

* verwijder volgende mappen indien aanwezig:

C:\Program Files\Cram Toolbar
c:\program files\altnet
C:\Program Files\SurfAccuracy
C:\WINDOWS\system32\P2P Networking

* open ccleaner en klik rechtsonderaan op 'opschonen'

* start je pc weer normaal

* download L2mfix van één van de volgende locaties:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Sla het op je bureaublad op en dubbelklik l2mfix.exe.
Klik de Install-knop om de files uit te pakken en doe wat er gevraagd wordt,
Daarna open je de nieuwe l2mfix-map die op je bureaublad staat.
Dubbelklik op l2mfix.bat en kies de optie #1 voor Run Find Log door 1 te typen en daarna op enter te klikken.
Deze zal je computer scannen. (je zal daar wel niet veel van merken)
Daarna, na ongeveer 2 minuten zal je kladblok openen met een logje.
Kopieer en plak de inhoud van dit logje hier met een nieuw hijackthis logje

BELANGRIJK!!: Klik NIET op optie 2 of op andere dingen die in die map staan.. zonder dat er daarvoor instructies gegeven zijn!

Mullie

8 November 2005, 14:18

merci voor deze uitleg
Zoals gevraagd de twee logjes hieronder.
Wat ik wel even wou melden is dat ik deze lijn : O4 - HKLM\..\Run: [NI.UWFX5_0001_N53L1025] "C:\Documents and Settings\Mulnard\Local Settings\Temporary Internet Files\Content.IE5\8527ODY3\WinFixerScannerInstall[1].exe" -nag
niet kon verwijderen met hjiackthis. Hij kwam er telkens terug op te staan

L2MFIX find log 1.04a
These are the registry keys present
************************************************** ********************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00, 2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00, 74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00, 79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00, 79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00, 79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read INGEBOUWD\Gebruikers
(ID-IO) ALLOW Read INGEBOUWD\Gebruikers
(ID-NI) ALLOW Full access INGEBOUWD\Administrators
(ID-IO) ALLOW Full access INGEBOUWD\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access MAKER EIGENAAR

************************************************** ********************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
************************************************** ********************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschappenvenster van multimediabestand"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerbeheer"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Het tabblad Beveiliging"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Eigenschappenblad voor OLE-docbestand"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldschermadapter"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Monitor"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldscherm-panning"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Het tabblad Beveiliging"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibiliteitspagina"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Knipselgegevensverwerker van shell"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Schijfkopieer-uitbreiding"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell-uitbreidingen voor Microsoft Windows Network-objecten"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-monitorbeheer"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerbeheer"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell-uitbreidingen voor bestandscompressie"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shell-uitbreiding voor Web Printer"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Snelmenu Codering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Werkmap"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-pictogramuitbreiding"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiel"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Het tabblad Beveiliging voor printers"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-extensie"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto-handtekeningextensie"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netwerkverbindingen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netwerkverbindingen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners en camera's"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners en camera's"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners en camera's"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners en camera's"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners en camera's"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-uitbreidingen voor Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplande taken"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taakbalk en menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Zoeken"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uitvoeren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Lettertypen"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Systeembeheer"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-werkbalk"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Downloadstatus"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Uitgebreide shell-map"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Uitgebreide shell-map 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft-browserbalk"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Zoekbalk"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Mediabalk"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Zoeken binnen deelvenster"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Zoeken op het web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Hulpprogramma met opties voor registerboomstructuur"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoAanvullen"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU-lijst voor AutoAanvullen"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Aangepaste MRU-lijst voor AutoAanvullen"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Toegankelijk"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pop-upbalk Volgen"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser voor adresbalk"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lijst voor AutoAanvullen: Microsoft Geschiedenis"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lijst voor AutoAanvullen: Microsoft Shell-map"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft-container met meervoudige lijst voor AutoAanvullen"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Sitemenu van shell-band"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Gebruikersondersteuning"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globale mapinstellingen"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url-geschiedenisservice"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Geschiedenis"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url-zoeken Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-welkomstscherm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Het Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Cachemap van ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Map met abonnementen"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Toepassingsbeheer"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Programma voor inventarisatie van ge‹nstalleerde toepassingen"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI- en bestandsextractieprogramma voor miniaturen"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informatie over de handler voor miniatuurweergaven (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-extractie voor miniatuurweergaven"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Wizard Webpublicaties"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Afdrukken via het web bestellen"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell-object voor publicatiewizard"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Wizard Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Gebruikersaccounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanaal-bestand"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanaal-snelkoppeling"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Handler-object voor kanalen"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Map Off line bestanden"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmappen"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
************************************************** ********************************
HKEY ROOT CLASSIDS:
************************************************** ********************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
avisynth.dll Fri 7 Oct 2005 18:14:52 A.... 308.224 301,00 K
browseui.dll Sat 3 Sep 2005 0:54:56 A.... 1.020.416 996,50 K
cdfview.dll Sat 3 Sep 2005 0:54:56 A.... 151.552 148,00 K
cdosys.dll Sat 10 Sep 2005 2:55:38 A.... 2.067.968 1,97 M
checkin.dll Mon 5 Sep 2005 7:34:38 A.... 16.896 16,50 K
cmdlin~1.dll Mon 24 Oct 2005 13:13:18 A.... 98.304 96,00 K
danim.dll Sat 3 Sep 2005 0:54:58 A.... 1.056.768 1,01 M
dxtrans.dll Sat 3 Sep 2005 0:54:58 A.... 205.312 200,50 K
extmgr.dll Sat 3 Sep 2005 0:54:58 ..... 55.808 54,50 K
ff_vfw.dll Mon 22 Aug 2005 11:55:18 A.... 5.632 5,50 K
iepeers.dll Sat 3 Sep 2005 0:54:58 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 0:54:58 A.... 96.768 94,50 K
linkinfo.dll Thu 1 Sep 2005 3:28:26 A.... 19.968 19,50 K
mshtml.dll Tue 4 Oct 2005 16:27:36 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 0:55:02 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 0:55:02 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 0:55:04 A.... 530.432 518,00 K
netman.dll Mon 22 Aug 2005 19:36:16 A.... 197.632 193,00 K
pngfilt.dll Sat 3 Sep 2005 0:55:04 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:56:40 A.... 1.291.264 1,23 M
shdocvw.dll Sat 3 Sep 2005 0:55:06 A.... 1.483.776 1,41 M
shell32.dll Fri 23 Sep 2005 4:08:06 A.... 8.497.664 8,10 M
shlwapi.dll Sat 3 Sep 2005 0:55:06 A.... 474.112 463,00 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118.784 116,00 K
umpnpmgr.dll Tue 23 Aug 2005 4:40:36 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 0:55:08 A.... 605.184 591,00 K
wininet.dll Sat 3 Sep 2005 0:55:08 A.... 661.504 646,00 K
winsrv.dll Thu 1 Sep 2005 3:28:26 A.... 292.352 285,50 K
28 items found: 28 files, 0 directories.
Total of file sizes: 23.279.616 bytes 22,20 M
Locate .tmp files:
No matches found.
************************************************** ********************************
Directory Listing of system files:
Het volume in station C heeft geen naam.
Het volumenummer is C0B6-79B7
Map van C:\WINDOWS\System32
03/11/2005 18:30 <DIR> dllcache
23/08/2005 07:56 <DIR> Microsoft
0 bestand(en) 0 bytes
2 map(pen) 3.975.090.176 bytes beschikbaar

Logfile of HijackThis v1.99.1
Scan saved at 13:16:52, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mulnard\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NI.UWFX5_0001_N53L1025] "C:\Documents and Settings\Mulnard\Local Settings\Temporary Internet Files\Content.IE5\8527ODY3\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: -=XDP=- The eXtreme Download Place.lnk = C:\Program Files\-=XDP=- The eXtreme Download Place\-=XDP=- The eXtreme Download Place.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://213.224.2.139:8000/IWeb/ActiveX/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

jurgenv

8 November 2005, 18:14

Download de trial versie van Spy Sweeper Hier (http://www.webroot.com/consumer/products/spysweeper)

en installeer het via de 'standaard installatie'. (er word gevraagd om je e-mail adres, je kan deze gerust geven ;) )

er zal u gevraagd worden om de nieuwste defenitie's van spysweeper te installeren, doe dit ook
(dit kan enkele minuten duren)

klik dan op Options > Sweep Options en vink aan: Sweep all Folders on Selected drives. en Local Disc C. onder What to Sweep, vink je alles aan

klik op Sweep en laat het je systeem volledig scannen

wanneer het scannen gedaan is, klik dan op Remove. en daarna op Select All en daarna Next

bij 'Results', ga naar Session Log tabblad. klik dan op Save to File en bewaar de log waar je het gemakkelijk terugvind
Exit Spy Sweeper.

kopieer en plak dan de log hier als je volgend antwoord met een nieuw hijackthis log

Mullie

12 November 2005, 11:36

Zoveel briel da hij vond zeg .....

********
10:26: | Start of Session, zaterdag 12 november 2005 |
10:26: Spy Sweeper started
10:26: Sweep initiated using definitions version 572
10:26: Starting Memory Sweep
10:28: Memory Sweep Complete, Elapsed Time: 00:01:34
10:28: Starting Registry Sweep
10:28: Found Adware: altnet
10:28: HKCR\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}\ (1 subtraces) (ID = 103460)
10:28: HKCR\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}\ (1 subtraces) (ID = 103462)
10:28: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 103494)
10:28: Found Adware: topsearch
10:28: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 143925)
10:28: HKLM\software\classes\topsearch.tslink\ (5 subtraces) (ID = 143926)
10:28: HKLM\software\classes\topsearch.tslink.1\ (3 subtraces) (ID = 143927)
10:28: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
10:28: HKCR\topsearch.tslink\ (5 subtraces) (ID = 143929)
10:28: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
10:28: Found Adware: rx toolbar
10:28: HKCR\rxresult.rxresultfilter\ (3 subtraces) (ID = 729537)
10:28: HKCR\rxresult.rxresultfilter\clsid\ (1 subtraces) (ID = 729539)
10:28: HKCR\rxresult.rxresultfilter.1\ (3 subtraces) (ID = 729541)
10:28: HKCR\rxresult.rxresultfilter.1\clsid\ (1 subtraces) (ID = 729543)
10:28: HKCR\rxresult.rxresulttracker\ (3 subtraces) (ID = 729545)
10:28: HKCR\rxresult.rxresulttracker\clsid\ (1 subtraces) (ID = 729547)
10:28: HKCR\rxresult.rxresulttracker.1\ (3 subtraces) (ID = 729549)
10:28: HKCR\rxresult.rxresulttracker.1\clsid\ (1 subtraces) (ID = 729551)
10:28: HKCR\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 subtraces) (ID = 729553)
10:28: HKCR\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 subtraces) (ID = 729573)
10:28: HKLM\software\classes\rxresult.rxresultfilter\ (3 subtraces) (ID = 729616)
10:28: HKLM\software\classes\rxresult.rxresultfilter\clsi d\ (1 subtraces) (ID = 729618)
10:28: HKLM\software\classes\rxresult.rxresultfilter.1\ (3 subtraces) (ID = 729620)
10:28: HKLM\software\classes\rxresult.rxresultfilter.1\cl sid\ (1 subtraces) (ID = 729622)
10:28: HKLM\software\classes\rxresult.rxresulttracker\ (3 subtraces) (ID = 729624)
10:28: HKLM\software\classes\rxresult.rxresulttracker\cls id\ (1 subtraces) (ID = 729626)
10:28: HKLM\software\classes\rxresult.rxresulttracker.1\ (3 subtraces) (ID = 729628)
10:28: HKLM\software\classes\rxresult.rxresulttracker.1\c lsid\ (1 subtraces) (ID = 729630)
10:28: HKLM\software\classes\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 subtraces) (ID = 729632)
10:28: HKLM\software\classes\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 subtraces) (ID = 729652)
10:28: Found Adware: winantispyware 2005
10:28: HKLM\software\winfixer2005\ (1 subtraces) (ID = 813086)
10:28: HKCR\uwfxpcheck.uwfxpcheck.1\ (3 subtraces) (ID = 970282)
10:28: HKCR\uwfxpcheck.uwfxpcheck\ (5 subtraces) (ID = 970286)
10:28: HKCR\clsid\{6e53e70c-9089-494a-9f51-abc499636dae}\ (14 subtraces) (ID = 970474)
10:28: HKCR\typelib\{c2ae9e5b-3ebd-49fd-9ab4-36c1a1e4af39}\ (9 subtraces) (ID = 970551)
10:28: HKLM\software\classes\uwfxpcheck.uwfxpcheck.1\ (3 subtraces) (ID = 970710)
10:28: HKLM\software\classes\uwfxpcheck.uwfxpcheck\ (5 subtraces) (ID = 970714)
10:28: HKLM\software\classes\clsid\{6e53e70c-9089-494a-9f51-abc499636dae}\ (14 subtraces) (ID = 970909)
10:28: HKLM\software\classes\typelib\{c2ae9e5b-3ebd-49fd-9ab4-36c1a1e4af39}\ (9 subtraces) (ID = 970986)
10:28: Found Adware: cydoor peer-to-peer dependency
10:28: HKU\S-1-5-21-1214440339-413027322-725345543-1004\software\kazaa\promotions\cydoor\ (310 subtraces) (ID = 124527)
10:28: Found Adware: dapsol dialer
10:28: HKU\S-1-5-21-1214440339-413027322-725345543-1004\software\microsoft\internet explorer\main\ || conc (ID = 124673)
10:28: HKU\S-1-5-21-1214440339-413027322-725345543-1004\software\rx toolbar\ (1 subtraces) (ID = 140298)
10:28: Found Adware: ist sidefind
10:28: HKU\S-1-5-21-1214440339-413027322-725345543-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
10:28: Found Trojan Horse: trojan-downloader-2pursuit
10:28: HKU\S-1-5-21-1214440339-413027322-725345543-1004\software\microsoft\gg\conf\ (63 subtraces) (ID = 802702)
10:28: Found Adware: cram toolbar
10:28: HKU\S-1-5-21-1214440339-413027322-725345543-1004\software\xbtb00429\ (1 subtraces) (ID = 826185)
10:28: HKU\S-1-5-21-1214440339-413027322-725345543-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {01e69986-a054-4c52-abe8-ef63df1c5211} (ID = 826757)
10:28: Registry Sweep Complete, Elapsed Time:00:00:14
10:28: Starting Cookie Sweep
10:28: Found Spy Cookie: yieldmanager cookie
10:28: mulnard@ad.yieldmanager[2].txt (ID = 3751)
10:28: Found Spy Cookie: adknowledge cookie
10:28: mulnard@adknowledge[1].txt (ID = 2072)
10:28: Found Spy Cookie: pointroll cookie
10:28: mulnard@ads.pointroll[1].txt (ID = 3148)
10:28: Found Spy Cookie: adultfriendfinder cookie
10:28: mulnard@adultfriendfinder[2].txt (ID = 2165)
10:28: Found Spy Cookie: advertising cookie
10:28: mulnard@advertising[2].txt (ID = 2175)
10:28: Found Spy Cookie: askmen cookie
10:28: mulnard@askmen[2].txt (ID = 2247)
10:28: Found Spy Cookie: atlas dmt cookie
10:28: mulnard@atdmt[2].txt (ID = 2253)
10:28: Found Spy Cookie: azjmp cookie
10:28: mulnard@azjmp[2].txt (ID = 2270)
10:28: Found Spy Cookie: a cookie
10:28: mulnard@a[1].txt (ID = 2027)
10:28: Found Spy Cookie: belnk cookie
10:28: mulnard@belnk[1].txt (ID = 2292)
10:28: Found Spy Cookie: burstnet cookie
10:28: mulnard@burstnet[2].txt (ID = 2336)
10:28: Found Spy Cookie: zedo cookie
10:28: mulnard@c5.zedo[1].txt (ID = 3763)
10:28: Found Spy Cookie: casalemedia cookie
10:28: mulnard@casalemedia[2].txt (ID = 2354)
10:28: Found Spy Cookie: centrport net cookie
10:28: mulnard@centrport[2].txt (ID = 2374)
10:28: Found Spy Cookie: sextracker cookie
10:28: mulnard@counter3.sextracker[2].txt (ID = 3362)
10:28: Found Spy Cookie: desktop kazaa cookie
10:28: mulnard@desktop.kazaa[1].txt (ID = 2515)
10:28: mulnard@dist.belnk[2].txt (ID = 2293)
10:28: Found Spy Cookie: fastclick cookie
10:28: mulnard@fastclick[2].txt (ID = 2651)
10:28: Found Spy Cookie: go.com cookie
10:28: mulnard@flightplan.movies.go[1].txt (ID = 2729)
10:28: mulnard@go[1].txt (ID = 2728)
10:28: Found Spy Cookie: linksynergy cookie
10:28: mulnard@linksynergy[2].txt (ID = 2926)
10:28: Found Spy Cookie: maxserving cookie
10:28: mulnard@maxserving[1].txt (ID = 2966)
10:28: Found Spy Cookie: metriweb.be cookie
10:28: mulnard@metriweb[1].txt (ID = 2992)
10:28: Found Spy Cookie: overture cookie
10:28: mulnard@perf.overture[1].txt (ID = 3106)
10:28: Found Spy Cookie: adjuggler cookie
10:28: mulnard@rotator.adjuggler[1].txt (ID = 2071)
10:28: Found Spy Cookie: servedby advertising cookie
10:28: mulnard@servedby.advertising[2].txt (ID = 3335)
10:28: mulnard@sextracker[1].txt (ID = 3361)
10:28: Found Spy Cookie: statcounter cookie
10:28: mulnard@statcounter[1].txt (ID = 3447)
10:28: Found Spy Cookie: reliablestats cookie
10:28: mulnard@stats1.reliablestats[2].txt (ID = 3254)
10:28: Found Spy Cookie: tradedoubler cookie
10:28: mulnard@tradedoubler[1].txt (ID = 3575)
10:28: Found Spy Cookie: tribalfusion cookie
10:28: mulnard@tribalfusion[1].txt (ID = 3589)
10:28: Found Spy Cookie: xiti cookie
10:28: mulnard@xiti[1].txt (ID = 3717)
10:28: Found Spy Cookie: yadro cookie
10:28: mulnard@yadro[1].txt (ID = 3743)
10:28: mulnard@zedo[2].txt (ID = 3762)
10:28: Cookie Sweep Complete, Elapsed Time: 00:00:02
10:28: Starting File Sweep
10:28: Found Trojan Horse: trojan-downloader-daily-weather
10:28: c:\program files\daily weather forecast (1 subtraces) (ID = -2147474081)
10:28: c:\program files\common files\winsoftware (2 subtraces) (ID = -2147476682)
10:31: dfdr.sys (ID = 188536)
10:31: Found Adware: surf accuracy
10:31: uninstall.exe (ID = 180136)
10:31: topsearch.dll (ID = 79735)
10:33: Found Adware: java byteverify
10:33: classload.jar-56d50b79-68dbf864.zip (ID = 64823)
10:33: classload.jar-56d50b79-1af47ddd.zip (ID = 64823)
10:33: File Sweep Complete, Elapsed Time: 00:04:56
10:33: Full Sweep has completed. Elapsed time 00:06:48
10:33: Traces Found: 676
10:34: Removal process initiated
10:34: Quarantining All Traces: cram toolbar
10:34: Quarantining All Traces: trojan-downloader-2pursuit
10:34: Quarantining All Traces: trojan-downloader-daily-weather
10:34: Quarantining All Traces: altnet
10:34: Quarantining All Traces: cydoor peer-to-peer dependency
10:34: Quarantining All Traces: dapsol dialer
10:34: Quarantining All Traces: ist sidefind
10:34: Quarantining All Traces: java byteverify
10:34: Quarantining All Traces: rx toolbar
10:34: Quarantining All Traces: surf accuracy
10:34: Quarantining All Traces: topsearch
10:34: Quarantining All Traces: winantispyware 2005
10:34: Quarantining All Traces: a cookie
10:34: Quarantining All Traces: adjuggler cookie
10:34: Quarantining All Traces: adknowledge cookie
10:34: Quarantining All Traces: adultfriendfinder cookie
10:34: Quarantining All Traces: advertising cookie
10:34: Quarantining All Traces: askmen cookie
10:34: Quarantining All Traces: atlas dmt cookie
10:34: Quarantining All Traces: azjmp cookie
10:34: Quarantining All Traces: belnk cookie
10:34: Quarantining All Traces: burstnet cookie
10:34: Quarantining All Traces: casalemedia cookie
10:34: Quarantining All Traces: centrport net cookie
10:34: Quarantining All Traces: desktop kazaa cookie
10:34: Quarantining All Traces: fastclick cookie
10:34: Quarantining All Traces: go.com cookie
10:34: Quarantining All Traces: linksynergy cookie
10:34: Quarantining All Traces: maxserving cookie
10:34: Quarantining All Traces: metriweb.be cookie
10:34: Quarantining All Traces: overture cookie
10:34: Quarantining All Traces: pointroll cookie
10:34: Quarantining All Traces: reliablestats cookie
10:34: Quarantining All Traces: servedby advertising cookie
10:34: Quarantining All Traces: sextracker cookie
10:34: Quarantining All Traces: statcounter cookie
10:34: Quarantining All Traces: tradedoubler cookie
10:34: Quarantining All Traces: tribalfusion cookie
10:34: Quarantining All Traces: xiti cookie
10:34: Quarantining All Traces: yadro cookie
10:34: Quarantining All Traces: yieldmanager cookie
10:34: Quarantining All Traces: zedo cookie
10:34: Removal process completed. Elapsed time 00:00:16
********
10:25: | Start of Session, zaterdag 12 november 2005 |
10:25: Spy Sweeper started
10:26: Your spyware definitions have been updated.
10:26: | End of Session, zaterdag 12 november 2005 |

en dan de tweede

Logfile of HijackThis v1.99.1
Scan saved at 10:35:54, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mulnard\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NI.UWFX5_0001_N53L1025] "C:\Documents and Settings\Mulnard\Local Settings\Temporary Internet Files\Content.IE5\8527ODY3\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: -=XDP=- The eXtreme Download Place.lnk = C:\Program Files\-=XDP=- The eXtreme Download Place\-=XDP=- The eXtreme Download Place.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://213.224.2.139:8000/IWeb/ActiveX/msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Alvast bedankt Jurgenv voor de hulp hé

RichKE

12 November 2005, 12:30

krijg khier geen logje gepost?? hoe komt dat??

RichKE

12 November 2005, 12:34

Sorry ben verkeerd!!!!!!!!!! sorry, jongens, wilde echt niet storen.

jurgenv

12 November 2005, 13:07

* Download, installeer en update de free trial versie van Ewido Security Suite (http://www.ewido.net/en/download/)

Tijdens de installatie, onder "Additional Options", haal je de vinkjes weg bij "Install background guard" en "Install scan via context menu".
Als je Ewido voor de eerste keer runt, zal je een foutmelding krijgen "Database could not be found!". Klik dan op OK. Dit is normaal.
In het hoofdscherm van Ewido, klik je op update in het linker menu, en vervolgens op de Start update knop.
Als de updates gedaan zijn, zal er op de status bar beneden "Update successful" staan.
Sluit Ewido. Laat het nog niet scannen

* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Open Ewido Security Suite
klik op Scanner
Klik op complete system scan
Laat het programma je pc scannen
Tijdens de scan zal je gevraagd worden of je gevonden bestanden wil verwijderen. Klik dan op OK
Als de scan beëindigd is, zal je een knop zienBewaar rapport
Klik op Bewaar rapport
Sla het rapport op op je bureaublad
Sluit Ewido af

* start je pc weer normaal en post een nieuw hijackthis logje hier + het rapport van ewido