Volledige versie bekijken : mijn logje
RobinS 24 June 2006, 16:48 Logfile of HijackThis v1.99.1
Scan saved at 16:46:34, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Robin\LOCALS~1\Temp\Rar$EX07.140\Hijac kThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.3.0\HbtHostIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.3.0\HbtHostIE.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.3.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
jurgenv 24 June 2006, 17:26 * Pak hijackthis.exe uit en plaats die in een vaste map bv C:/hijackthis (belangrijk)
* je moet Java updaten:
Ga naar Start > Configuratiescherm dubbelklik op het Software icoontje. Je zal een lijst te zien krijgen van de geïnstalleerde programma's op je systeem.
Zoek in de lijst naar alle voorgaande versies van Java. (J2SE Runtime Environment.... )
Het heeft volgend icoontje: http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Selecteer het en kies voor verwijderen.
Daarna, download en installeer de nieuwste versie van hier:
http://www.java.com/en/download/manual.jsp
* open hijackthis en vink volgende regels aan:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers...meLeftPane.htm
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.3.0\HbtHostIE.dll
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.3.0\HbtOEAddOn.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* Ga naar start==>configuratiescherm==>sofware en de-installeer indien aanwezig:
ShopperReports
HbTools
Hotbar
* verwijder volgende mappen indien aanwezig:
C:\Program Files\ShopperReports
C:\Program Files\HbTools
* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.
Gebruik je ook Firefox als browser:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit verwijdert het vinkje bij "Firefox saved passwords")
Klik op de knop Empty Selected.
Gebruik je ook Opera als browser:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.
* post dan een nieuw hijackthis logje hier + vertel hoe alles verder werkt.
RobinS 26 June 2006, 11:20 alles werkt terug goed
Logfile of HijackThis v1.99.1
Scan saved at 11:19:03, on 26/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
jurgenv 26 June 2006, 12:34 Ik zie dat je twee antivirussen in real-time gebruikt (Noran en AVG) dit is niet aan te raden want zo zullen conflicten ontstaan tussen de twee die voor vertragingen zorgen en die ook de betrouwbaarheid doen dalen, dus de-installeer, of schakelen 1 van de 2 uit. :)
RobinS 26 June 2006, 12:39 oke hartelijk bedankt dan schakel in avg uit want norman is betalend
jurgenv 26 June 2006, 12:44 Ok, post dan een nieuw hijackthis logje hier ter controle. ;)
RobinS 27 June 2006, 09:23 Logfile of HijackThis v1.99.1 Scan saved at 9:22:28, on 27/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Norman\Bin\Zanda.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\Norman\bin\NJEEVES.EXE C:\Program Files\Norman\Nvc\BIN\nipsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Norman\bin\ZLH.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
RobinS 27 June 2006, 09:24 Logfile of HijackThis v1.99.1 Scan saved at 9:22:28, on 27/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Norman\Bin\Zanda.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\Norman\bin\NJEEVES.EXE C:\Program Files\Norman\Nvc\BIN\nipsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Norman\bin\ZLH.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
RobinS 27 June 2006, 09:26 Dat gaat niet meer tegoei hoe kan dat bij hijacktis op kladblok perfect en als ik het plak door elkaar ik zal eens proberen een nieuw onderwerp dan ga da mss wel
RobinS 27 June 2006, 09:30 Scan saved at 9:22:28, on 27/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Norman\Bin\Zanda.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\Norman\bin\NJEEVES.EXE C:\Program Files\Norman\Nvc\BIN\nipsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Norman\bin\ZLH.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
jurgenv 27 June 2006, 13:47 Open kladblok en ga dan naar 'opmaak' en vink daar uit: automatische terugloop
Probeer dan een nieuw hijackthis logje te posten.
RobinS 28 June 2006, 12:15 Logfile of HijackThis v1.99.1 Scan saved at 12:14:45, on 28/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Norman\bin\ZLH.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Norman\Bin\Zanda.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\Norman\Nvc\BIN\nipsvc.exe C:\Program Files\Norman\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
RobinS 28 June 2006, 12:16 Als ik het hier plak is het goe ma als ik dan het wil posten gebeurt dit
RobinS 28 June 2006, 12:16 Logfile of HijackThis v1.99.1 Scan saved at 12:14:45, on 28/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Norman\bin\ZLH.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Norman\Bin\Zanda.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\Norman\Nvc\BIN\nipsvc.exe C:\Program Files\Norman\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
RobinS 28 June 2006, 12:17 pfffffffff !!!!!!!!!!!
jurgenv 28 June 2006, 13:10 En als je het logje hier als bijlage post? :)
RobinS 29 June 2006, 11:41 hoe doe je dat
jurgenv 29 June 2006, 11:59 Reageer op mijn reply en dan zal je van,onderen en knop zien 'beheer bijlagen' :)
RobinS 29 June 2006, 13:07 Ja sorry ma ik zie nergens ene knop met beheer bijlagen
jurgenv 29 June 2006, 13:13 http://img527.imageshack.us/img527/3051/naamloos5ap.jpg
RobinS 30 June 2006, 11:37 mijn logje .
zalt is probere
jurgenv 30 June 2006, 13:02 * open hijackthis en vink volgende regels aan:
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* voor de rest ziet het er goed uit.
RobinS 3 July 2006, 20:40 Ik krijg die jammer genoeg niet weg .
jurgenv 3 July 2006, 20:58 Ik zie dat je twee Antivirussen gebruikt (AVG en Norman) schakel 1 van de twee uit f de-installeer er 1 omdat je anders met conflicten zult zitten die je pc doet vertragen en die ook de betrouwbaarheid doet dalen.
RobinS 5 July 2006, 15:27 ok maar welke zou ik dan de-instaleren norman moeten we binnekort betalen en avg is gratis wat zout gij doen
(maakt da veel uit ?)
jurgenv 5 July 2006, 15:30 De-installeer norman dan. :)
RobinS 6 July 2006, 21:45 ja ma heb tog ma avg free de instaleerd norman vind ik persoonlijk beter he ;)
hier is nog een logje van mij .
krijg wel shopper reports nie weg is da erg
jurgenv 7 July 2006, 13:29 Kan je eens die regeltjes in veilige modus proberen te fixen? :)
RobinS 7 July 2006, 16:31 zalt is probere
RobinS 7 July 2006, 16:41 lukt nog steeds nie maar die zegt wel iets van ne backup maar ben daar allemaal nie zo handig in
jurgenv 7 July 2006, 17:35 Open kladblok en kopieer en plak het volgende erin:
regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key"
start notepad look.txt
Sla dit op als kijk.bat , kies voor opslaan als alle bestanden en plaats het op je bureaublad.
Dubbelklik op kijk.bat en post de inhoud van het txtbestandje die je dan krijgt hier.
RobinS 9 July 2006, 10:24 dan komt er dit op het scherm
jurgenv 9 July 2006, 13:29 Download Silent Runners (http://www.silentrunners.org/Silent%20Runners.zip)
Unzip het naar een eigen map.
Start SilentRunners.vbs
Wanneer je antivirusprogramma een melding geeft, sta je toe om dit script uit te voeren.
Wacht tot je een melding krijgt dat het script klaar is.
Er wordt een logje geplaatst in de map van waar je Silentrunners gestart hebt. Post de inhoud van dit logje.
RobinS 27 July 2006, 16:32 "Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"InstantTray" = "C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" ["Pinnacle Systems"]
"IW_Drop_Icon" = "C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc" ["Pinnacle Systems GmbH."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe" [empty string]
"Norman ZANDA" = "C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH" [null data]
"EPSON Stylus C66 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"" ["SEIKO EPSON CORPORATION"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning"
-> {HKLM...CLSID} = "Configuratiescherm-uitbreiding Beeldscherm-panning"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{F5D92341-0A64-11D0-9956-0000E8096023}" = "CD Copy Shell Extension"
-> {HKLM...CLSID} = "CD Copy Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."]
"{F5D92342-0A64-11D0-9956-0000E8096023}" = "CD Wizard Shell Extension"
-> {HKLM...CLSID} = "CD Wizard Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."]
"{F5D92344-0A64-11D0-9956-0000E8096023}" = "InstantWrite Shellextension"
-> {HKLM...CLSID} = "InstantWrite Shellextension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\iwshex.dll" ["VOB Computersysteme GmbH"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-extensie voor bestandspictogrammen"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
-> {HKLM...CLSID} = "GMail Drive"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
-> {HKLM...CLSID} = "GMailFS Property Sheet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
-> {HKLM...CLSID} = "GMailFS Drop Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
-> {HKLM...CLSID} = "GMailFS Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Norman\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Norman\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Norman\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "Robin" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"NPF Messenger" -> shortcut to: "C:\Program Files\Norman\NPF\NPFMSG.EXE /LOAD" [empty string]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ShopperReports – Price Comparison"
\InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]
{946B3E9E-E21A-49C8-9F63-900533FAFE14}\
"ButtonText" = "ShopperReports - Compare travel rates"
"CLSIDExtension" = "{454b4812-e572-4703-a1bb-63490809eac0}"
-> {HKLM...CLSID} = "IEButtonA"
\InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll" [file not found]
{946B3E9E-E21A-49C8-9F63-900533FAFE15}\
"ButtonText" = "ShopperReports - Compare product prices"
"CLSIDExtension" = "{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}"
-> {HKLM...CLSID} = "IEButton"
\InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll" [file not found]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Norman API-hooking helper, NipSvc, "C:\Program Files\Norman\Nvc\BIN\nipsvc.exe" [null data]
Norman NJeeves, Norman NJeeves, "C:\Program Files\Norman\bin\NJEEVES.EXE" [null data]
Norman Type-R, Norman Type-R, "C:\Program Files\Norman\NPF\NPFSVICE.EXE" [null data]
Norman Virus Control on-access component, nvcoas, "C:\Program Files\Norman\Nvc\bin\nvcoas.exe" ["Norman ASA"]
Norman Virus Control Scheduler, NVCScheduler, "C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE" ["Norman Data Defense Systems"]
Norman ZANDA, Norman ZANDA, ""C:\Program Files\Norman\Bin\Zanda.exe"" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monito rs\
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 80 seconds, including 8 seconds for message boxes)
jurgenv 27 July 2006, 16:43 Open Kladblok.
Kopieer de onderstaande vetgedrukte tekst en plak deze in een nieuw document.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}]
Kies Bestand -> Opslaan
Selecteer bij "Opslaan in": Bureaublad
Vul bij "Bestandsnaam" in: fix.reg
Selecteer bij "Opslaan als type": Alle bestanden
Klik op "Opslaan".
Dubbelklik op fix.reg, dat nu op je bureaublad staat.
Ga ermee akkoord dat deze gegevens aan het register worden toegevoegd.
Start de pc opnieuw op en post een nieuw hijackthis logje hier
RobinS 30 July 2006, 19:58 "Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"InstantTray" = "C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" ["Pinnacle Systems"]
"IW_Drop_Icon" = "C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc" ["Pinnacle Systems GmbH."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"SoundMan" = "SOUNDMAN.EXE" [null data]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe" [empty string]
"Norman ZANDA" = "C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH" [null data]
"EPSON Stylus C66 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"" ["SEIKO EPSON CORPORATION"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning"
-> {HKLM...CLSID} = "Configuratiescherm-uitbreiding Beeldscherm-panning"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
ik heb mijn best gedaan maar op mijn bureau blad heet dit fix en niet hoe u zij maar ja ik heb het geprobeerd
RobinS 30 July 2006, 20:00 Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"InstantTray" = "C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" ["Pinnacle Systems"]
"IW_Drop_Icon" = "C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc" ["Pinnacle Systems GmbH."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe" [empty string]
"Norman ZANDA" = "C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH" [null data]
"EPSON Stylus C66 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"" ["SEIKO EPSON CORPORATION"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning"
-> {HKLM...CLSID} = "Configuratiescherm-uitbreiding Beeldscherm-panning"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Uitvoeren..."
-> {HKLM...CLSID} = "Uitvoeren..."
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Hulpprogramma met opties voor registerboomstructuur"
-> {HKLM...CLSID} = "Hulpprogramma met opties voor registerboomstructuur"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Burn Audio CD Context Menu Handler"
-> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{F5D92341-0A64-11D0-9956-0000E8096023}" = "CD Copy Shell Extension"
-> {HKLM...CLSID} = "CD Copy Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."]
"{F5D92342-0A64-11D0-9956-0000E8096023}" = "CD Wizard Shell Extension"
-> {HKLM...CLSID} = "CD Wizard Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."]
"{F5D92344-0A64-11D0-9956-0000E8096023}" = "InstantWrite Shellextension"
-> {HKLM...CLSID} = "InstantWrite Shellextension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\iwshex.dll" ["VOB Computersysteme GmbH"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-extensie voor bestandspictogrammen"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
-> {HKLM...CLSID} = "GMail Drive"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
-> {HKLM...CLSID} = "GMailFS Property Sheet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
-> {HKLM...CLSID} = "GMailFS Drop Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
-> {HKLM...CLSID} = "GMailFS Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Norman\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Norman\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Norman\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "Robin" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"NPF Messenger" -> shortcut to: "C:\Program Files\Norman\NPF\NPFMSG.EXE /LOAD" [empty string]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]
{946B3E9E-E21A-49C8-9F63-900533FAFE14}\
"ButtonText" = "ShopperReports - Compare travel rates"
"CLSIDExtension" = "{454b4812-e572-4703-a1bb-63490809eac0}"
-> {HKLM...CLSID} = "IEButtonA"
\InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll" [file not found]
{946B3E9E-E21A-49C8-9F63-900533FAFE15}\
"ButtonText" = "ShopperReports - Compare product prices"
"CLSIDExtension" = "{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}"
-> {HKLM...CLSID} = "IEButton"
\InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll" [file not found]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Norman API-hooking helper, NipSvc, "C:\Program Files\Norman\Nvc\BIN\nipsvc.exe" [null data]
Norman NJeeves, Norman NJeeves, "C:\Program Files\Norman\bin\NJEEVES.EXE" [null data]
Norman Type-R, Norman Type-R, "C:\Program Files\Norman\NPF\NPFSVICE.EXE" [null data]
Norman Virus Control on-access component, nvcoas, "C:\Program Files\Norman\Nvc\bin\nvcoas.exe" ["Norman ASA"]
Norman Virus Control Scheduler, NVCScheduler, "C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE" ["Norman Data Defense Systems"]
Norman ZANDA, Norman ZANDA, ""C:\Program Files\Norman\Bin\Zanda.exe"" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monito rs\
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 89 seconds, including 9 seconds for message boxes)
jurgenv 5 August 2006, 20:16 1. Download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 naar je Bureaublad. Klik op Avenger.zip om het uit te pakken naar je bureaublad
2. Nu, start The Avenger door op het icoontje met het zwaard te dubbelklikken. Onder "Script file to execute" kies "Input Script Manually". Klik op het vergrootglas icoontje die een niew venster zal openen met de naam "View/edit script" Kopieer en plak volgend volledig vetgedrukt erin:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
Opgelet: Bovenstaande code werd enkel gemaakt voor deze computer/situatie/user. Indien je deze code op een andere computer gebruikt kan het schade toebrengen!
Klik Done Daarna klik op het Groen verkeerslicht om het script uit te voeren Antwoord "Yes/Ja" wanneer daarnaar gevraagd wordt.
3. The Avenger zal daarna het volgende doen: Uw computer herstarten. ( In gevallen waar het script een code bevat met "Drivers to Unload", dan zal The Avenger tweemaal uw systeem herstarten) Na herstart, zal het vlug een zwart command window openen. Dit is normaal. Na herstart, zal het een log maken die zal openen met de resultaten van The Avenger. Deze log zal te vinden zijn op C:\avenger.txt The Avenger maakt ook backups aan met alle bestanden, etc., die eerder werden verwijderd door The Avenger, deze backups bevinden zich op volgende plaats: C:\avenger\backup.zip.
4. Kopieer en plak de inhoud van avenger.txt in je volgende post samen met een nieuw hijackthislog.
RobinS 14 August 2006, 12:05 dan komt er dit op het scherm wnr ik ja moet klikken
Syntax error in line --- does not appear to be a valid registry path . Line will be ignored
jurgenv 14 August 2006, 12:10 Toon eens wat je in kladblok geplakt hebt.
RobinS 14 August 2006, 18:56 Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key\{2178C864-B
jurgenv 14 August 2006, 19:07 Heb je mijn laatste post over avenger wel goed gelezen?
RobinS 16 August 2006, 19:26 ja ik dacht van wel
maar dit is wat ik geplakt hebt bij slient runner
jurgenv 16 August 2006, 19:39 1. Download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 naar je Bureaublad. Klik op Avenger.zip om het uit te pakken naar je bureaublad
2. Nu, start The Avenger door op het icoontje met het zwaard te dubbelklikken. Onder "Script file to execute" kies "Input Script Manually". Klik op het vergrootglas icoontje die een niew venster zal openen met de naam "View/edit script" Kopieer en plak volgend volledig vetgedrukt erin:
Opgelet: Bovenstaande code werd enkel gemaakt voor deze computer/situatie/user. Indien je deze code op een andere computer gebruikt kan het schade toebrengen!
Klik Done Daarna klik op het Groen verkeerslicht om het script uit te voeren Antwoord "Yes/Ja" wanneer daarnaar gevraagd wordt.
3. The Avenger zal daarna het volgende doen: Uw computer herstarten. ( In gevallen waar het script een code bevat met "Drivers to Unload", dan zal The Avenger tweemaal uw systeem herstarten) Na herstart, zal het vlug een zwart command window openen. Dit is normaal. Na herstart, zal het een log maken die zal openen met de resultaten van The Avenger. Deze log zal te vinden zijn op C:\avenger.txt The Avenger maakt ook backups aan met alle bestanden, etc., die eerder werden verwijderd door The Avenger, deze backups bevinden zich op volgende plaats: C:\avenger\backup.zip.
4. Kopieer en plak de inhoud van avenger.txt in je volgende post samen met een nieuw hijackthislog.
Silent runners? Voer bovenstaande stappen eens uit. :)
RobinS 17 August 2006, 11:40 heb ik gedaan ma dan is er zon error
jurgenv 17 August 2006, 12:48 Welke error?
RobinS 18 August 2006, 14:06 Syntax error in line --- does not appear to be a valid registry path . Line will be ignored
jurgenv 18 August 2006, 14:09 Ben je wel zeker dat je dit vetgedrukte tekst als script hebt?
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
RobinS 22 August 2006, 13:10 ja ik heb het gedaan maar dan die error en nog wa zever
jurgenv 22 August 2006, 13:12 Post die error eens hier.
RobinS 23 August 2006, 20:06 http://img20.imageshack.us/img20/337/naamloospn5.jpg
(http://img20.imageshack.us/img20/337/naamloospn5.th.jpg)
jurgenv 23 August 2006, 20:14 Ok, toon eens wat je in kladblok geplakt hebt als script.
RobinS 31 August 2006, 13:48 van avenger bedoeld u
RobinS 31 August 2006, 13:49 wat u mij gezegd eeft dit heir
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
jurgenv 31 August 2006, 14:22 wat u mij gezegd eeft dit heir
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
Ja dat vergedrukte moet het script zijn.
RobinS 31 August 2006, 19:48 hebk gedaan
jurgenv 31 August 2006, 20:31 NE je krijgt nog steeds die foutmelding?
RobinS 5 September 2006, 18:21 //////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
maar nu stond er een map toen ik avenger opende met de naam errorlog
jurgenv 5 September 2006, 18:27 Toon eens een screenshot van het script in kladblok.
RobinS 5 September 2006, 18:34 heb iets gevonde als ik ze 1 voor 1 doe gaat het de eerste heb ik al verwijdert pc starte opnieuw op
jurgenv 5 September 2006, 18:38 heb iets gevonde als ik ze 1 voor 1 doe gaat het de eerste heb ik al verwijdert pc starte opnieuw op
Ok, dan zo proberen.
RobinS 7 September 2006, 17:56 ma de laatste 3 wille nie
jurgenv 7 September 2006, 17:57 Hoe bedoel je? Wat krijg je dan te zien?
RobinS 8 September 2006, 19:53 dat gaat gewoon nie en weer die error
en als ik naar 1 bepaalde persoon op msn iets stuur valt msn uit
en pc is traag
jurgenv 8 September 2006, 19:57 1. Download dit bestand: - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Dubbelklik op combofix.exe en volg de instructies die je krijgt.
3. Wanneer het tooltje klaar is zal het een rapport maken voor je, post die log hier met een nieuw hijackthis logje.
Note:
Niet klikken terwijl combofix bezig is, dat zou het tooltje doen vastlopen!
RobinS 10 September 2006, 16:07 Robin - 06-09-10 16:05:11,46
ComboFix 06.09.07 - Running from: C:\Documents and Settings\Robin\Bureaublad
Microsoft Windows XP [versie 5.1.2600]
((((((((((((((((((((((((((((((( Files Created from 2006-08-10 to 2006-09-10 ))))))))))))))))))))))))))))))))))
2006-09-05 18:35 1,080 --a------ C:\qbahkbbt.bat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))
2006-09-10 15:55 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-05 18:29 60416 --a------ C:\WINDOWS\system32\drivers\efwi^hwt.sys
2006-08-25 15:34 -------- d-------- C:\Program Files\Java
2006-08-25 15:24 -------- d-------- C:\Program Files\Norman
2006-08-22 20:27 -------- d-------- C:\Program Files\GTA2
2006-08-22 20:15 -------- d-------- C:\Program Files\VCop2
2006-08-18 14:17 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-14 12:02 732 --a------ C:\Program Files\hntfpmbs.txt
2006-08-08 19:30 -------- d-------- C:\Program Files\Internet Explorer
2006-07-31 12:06 -------- d-------- C:\Program Files\EA GAMES
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 17:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-26 17:18 -------- d-------- C:\Program Files\SouthPeak Interactive
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"VTTimer"="VTTimer.exe"
"SoundMan"="SOUNDMAN.EXE"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"Norman ZANDA"="C:\\Program Files\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH"
"EPSON Stylus C66 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\ E_S4I0S2.EXE /P23 \"EPSON Stylus C66 Series\" /O6 \"USB001\" /M \"Stylus C66\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"InstantTray"="C:\\Program Files\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe"
"IW_Drop_Icon"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctr l.exe /DropDisc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00, 00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00 ,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff, ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00, 00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Completion time: Sun 10/09/2006 16:05:48.25
ComboFix.txt
dit opende combofix in kladblok
RobinS 10 September 2006, 16:08 en hier mij hijacktislogje
Logfile of HijackThis v1.99.1
Scan saved at 16:08:01, on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
jurgenv 10 September 2006, 17:25 En probeer ze nu eens gewoon te fixen in hijackthis:
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
RobinS 11 September 2006, 17:54 lukt nog steeds niet
jurgenv 11 September 2006, 18:06 lukt nog steeds niet
Komen ze terug ofzo? Heb je wel de volledige rechten?
RobinS 16 October 2006, 17:06 dit komt er dan op het scherm als ik op fix checked heb geduwd
jurgenv 16 October 2006, 17:12 Voer de volgende stap eens uit in veilige modus:
Open Kladblok.
Kopieer de onderstaande vetgedrukte tekst en plak deze in een nieuw document.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}]
Kies Bestand -> Opslaan
Selecteer bij "Opslaan in": Bureaublad
Vul bij "Bestandsnaam" in: fix.reg
Selecteer bij "Opslaan als type": Alle bestanden
Klik op "Opslaan".
Dubbelklik op fix.reg, dat nu op je bureaublad staat.
Ga ermee akkoord dat deze gegevens aan het register worden toegevoegd.
Start de pc opnieuw op en post een nieuw hijackthis logje hier
RobinS 29 October 2006, 14:41 Logfile of HijackThis v1.99.1
Scan saved at 13:41:02, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e /DropDisc
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
jurgenv 29 October 2006, 15:33 Hoe is het toch mogelijk? :damn:
Probeer nog eens in veilige modus te fixen met ALLE beveiligingssoftware uitgeschakeld.
RobinS 27 December 2006, 18:34 Logfile of HijackThis v1.99.1
Scan saved at 17:33:21, on 27/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
jurgenv 27 December 2006, 18:48 * Ga naar start==>configuratiescherm==>software en deïnstalleer: Mywebsearch
Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
Download Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll omlaag naar : "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Klik op de "Download" knop aan de rechterkant.
Vink aan: "Accept License Agreement".
De pagina zal herladen.
Klik op de link om Windows Offline Installation te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.
Heb je nog meerdere accounts oop je pc soms?
RobinS 28 December 2006, 11:14 sorry maar bij software vind ik nergens Mywebsearch maar wel bij programma files wat moet ik nu doen ik heb nog nx verwijdert of zo
RobinS 28 December 2006, 11:36 ja ik heb nog andere acounts op mijn pc 3 namelijk
hier is nog een logje om te kijken of ik nu de juiste java heb
Logfile of HijackThis v1.99.1
Scan saved at 10:35:42, on 28/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
jurgenv 28 December 2006, 14:28 sorry maar bij software vind ik nergens Mywebsearch maar wel bij programma files wat moet ik nu doen ik heb nog nx verwijdert of zo
Verwijder de map dan. :)
Probeer eens op de andere accounts die regels te fixen.
RobinS 30 December 2006, 14:39 ok zal ik doen maar wat doet Mywebsearch eigenlijk
is dit schadelijk of zo
RobinS 30 December 2006, 14:42 dit kwam op het scherm toen ik het wou verwijderen
jurgenv 30 December 2006, 15:13 Ik denk dat je eerder iets verkeerd doet.
Open HijackThis, klik op Config en dan op Misc Tools
Klik op "Open Uninstall Manager"
Klik op "Save List" (maakt logbestandje aan: uninstall_list.txt)
Klik op Save, kopieer en plak de resultaten hier met een nieuw hijackthis logje.
RobinS 30 December 2006, 15:24 Ad-Aware SE Personal
Adobe Acrobat 5.0
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB923689)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893066)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896422)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB905915)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB908531)
Beveiligingsupdate voor Windows XP (KB911280)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912812)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913433)
Beveiligingsupdate voor Windows XP (KB913446)
RobinS 30 December 2006, 15:25 Logfile of HijackThis v1.99.1
Scan saved at 14:25:08, on 30/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
RobinS 30 December 2006, 15:30 en dit komt ook altijd op het scherm als ik die shopper reports wil verwijderen
en dan klik ik op ja
jurgenv 30 December 2006, 15:33 Post eens de volledige lijst hier aub.
RobinS 31 December 2006, 20:50 hoe bedoel je
dat is alles wat ik te zien kreeg
jurgenv 31 December 2006, 21:49 Ad-Aware SE Personal
Adobe Acrobat 5.0
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB923689)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893066)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896422)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB905915)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB908531)
Beveiligingsupdate voor Windows XP (KB911280)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912812)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913433)
Beveiligingsupdate voor Windows XP (KB913446)
Ik bedoel van dit.
RobinS 3 January 2007, 16:16 Ad-Aware SE Personal
Adobe Acrobat 5.0
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB923689)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893066)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896422)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB905915)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB908531)
Beveiligingsupdate voor Windows XP (KB911280)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912812)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913433)
Beveiligingsupdate voor Windows XP (KB913446)
Beveiligingsupdate voor Windows XP (KB913580)
Beveiligingsupdate voor Windows XP (KB914388)
Beveiligingsupdate voor Windows XP (KB914389)
Beveiligingsupdate voor Windows XP (KB916281)
Beveiligingsupdate voor Windows XP (KB917159)
Beveiligingsupdate voor Windows XP (KB917344)
Beveiligingsupdate voor Windows XP (KB917422)
Beveiligingsupdate voor Windows XP (KB917953)
Beveiligingsupdate voor Windows XP (KB918439)
Beveiligingsupdate voor Windows XP (KB918899)
Beveiligingsupdate voor Windows XP (KB919007)
Beveiligingsupdate voor Windows XP (KB920213)
Beveiligingsupdate voor Windows XP (KB920214)
Beveiligingsupdate voor Windows XP (KB920670)
Beveiligingsupdate voor Windows XP (KB920683)
Beveiligingsupdate voor Windows XP (KB920685)
Beveiligingsupdate voor Windows XP (KB921398)
Beveiligingsupdate voor Windows XP (KB921883)
Beveiligingsupdate voor Windows XP (KB922616)
Beveiligingsupdate voor Windows XP (KB922760)
Beveiligingsupdate voor Windows XP (KB922819)
Beveiligingsupdate voor Windows XP (KB923191)
Beveiligingsupdate voor Windows XP (KB923414)
Beveiligingsupdate voor Windows XP (KB923694)
Beveiligingsupdate voor Windows XP (KB923980)
Beveiligingsupdate voor Windows XP (KB924191)
Beveiligingsupdate voor Windows XP (KB924270)
Beveiligingsupdate voor Windows XP (KB924496)
Beveiligingsupdate voor Windows XP (KB925454)
Beveiligingsupdate voor Windows XP (KB925486)
Beveiligingsupdate voor Windows XP (KB926255)
Delta Force - Black Hawk Down
Delta Force Land Warrior Demo
Disney's Extremely Goofy Skateboarding Preview
Dukes of Hazzard
Electronic Arts Game Updater
EPSON PhotoQuicker3.5
EPSON Web-To-Page
EPSON-printersoftware
ESC66 Gebruikershandleiding
ESC66 Softwarehandleiding
F-22 Raptor
GameSpy Arcade
GMail Drive Shell Extension
Google Earth
Grand Theft Auto Vice City
GTA2
HijackThis 1.99.1
ILLEGAL STREET RACING
Java(TM) SE Runtime Environment 6
Kellogg's FROSTIES RACING GAME
KetnetKick Startermachine
KetnetKick V1.06.13
LimeWire 4.12.6
Macromedia Flash Player 8
Macromedia Shockwave Player
Markant 1
Microsoft Motocross Madness
Microsoft Office XP Professional
Microsoft Zoo Tycoon
Monopoly
Mozilla Firefox (1.5)
Need For Speed - Porsche 2000
Need for Speed Underground 2
Norman Personal Firewall 1.42
Norman Virus Control
NovaWorld
OLYMPUS CAMEDIA Master 4.1
Pinnacle InstantCD/DVD Suite
QuickTime
Realtek AC'97 Audio
Roller Coaster World 3D
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanToWeb
SpywareBlaster v3.5.1
Strike Fighters: Project 1
Tachyon Demo
UniChromeII Graphics Driver and Utilities
Update voor Windows XP (KB894391)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB900485)
Update voor Windows XP (KB910437)
Update voor Windows XP (KB916595)
Update voor Windows XP (KB920872)
Update voor Windows XP (KB922582)
USB Cockpit
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Toolbar
jurgenv 3 January 2007, 16:20 * Open hijackthis en vink volgende regels aan:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
* Sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* Verwijder volgende map indien aanwezig:
C:\Program Files\MyWebSearch
* Post dan een nieuw hijackthis logje hier.
(heb je nu al die regels geprobeerd te fixen op die andere accounts?)
RobinS 13 January 2007, 20:06 Logfile of HijackThis v1.99.1
Scan saved at 19:05:57, on 13/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robin\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
RobinS 13 January 2007, 20:10 bij de andre acounts krijg ik ze ook nie weg
jurgenv 13 January 2007, 20:23 Voer nog eens volgend script in in Avenger en zorg dat het script iet per ongeluk veranderd wordt want dat zou het kunnen verpesten.
folders to delete:
C:\Program Files\ShopperReports
registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{946B3E9E-E21A-49C8-9F63-900533FAFE15}
RobinS 17 January 2007, 16:50 u bedoelt niet zeker ipv iet
RobinS 17 January 2007, 16:52 wilt u nog eens uitleggen hoe ik da moet doen bij avenger
jurgenv 17 January 2007, 18:02 wilt u nog eens uitleggen hoe ik da moet doen bij avenger
Kijk paar post terug in dit topic. :)
RobinS 17 January 2007, 22:31 file:///C:/DOCUME%7E1/Robin/LOCALS%7E1/Temp/moz-screenshot.jpg
file:///C:/DOCUME%7E1/Robin/LOCALS%7E1/Temp/moz-screenshot-1.jpg
dan komt dit opt scherm
jurgenv 17 January 2007, 22:39 Je moet je afbeelding eerst uploaden...
RobinS 20 January 2007, 12:05 het lukt niet met avenger altijd zo een stomme error
jurgenv 20 January 2007, 15:24 Wat staat er dan in die Error? Ik vrees dat je iets verkeerd doet en daarom komen die regels telkens terug, je hebt dus twee accounts, Kan je eventjes 1 Account maken die dan ook direct de admin account is?
RobinS 21 February 2007, 09:54 sorry voor mijn laate reactie ik was namelijk op vakantie maar ik heb dus 3 acounts mar ik weet niet goe ho ege da als administrator moe zette ma ik zal is probere
jurgenv 21 February 2007, 14:17 Download de Registry Search tool door op het "harde schijfe" icoontje te klikken halverwege de pagina:
http://www.billsway.com/vbspage/
Sla het op op je bureaublad. als je een waarschuwing krijgt van je antivirus over scripting laat het dan toe! Nu, zoek naar het volgende: 946B3E9E-E21A-49C8-9F63-900533FAFE15 en klik op OK. Post het logje van het tooltje hier.
RobinS 23 February 2007, 20:14 REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "946B3E9E-E21A-49C8-9F63-900533FAFE15" 23/02/2007 19:13:20
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}]
[HKEY_USERS\S-1-5-21-776561741-1035525444-839522115-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
"{946B3E9E-E21A-49c8-9F63-900533FAFE15}"=dword:00002002
[HKEY_USERS\S-1-5-21-776561741-1035525444-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE15}]
[HKEY_USERS\S-1-5-21-776561741-1035525444-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE15}\iexplore]
jurgenv 23 February 2007, 22:15 Open Kladblok.
Kopieer de onderstaande vetgedrukte tekst en plak deze in een nieuw document.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}]
[HKEY_USERS\S-1-5-21-776561741-1035525444-839522115-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
"{946B3E9E-E21A-49c8-9F63-900533FAFE15}"=-
[-HKEY_USERS\S-1-5-21-776561741-1035525444-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{946B3E9E-E21A-49C8-9F63-900533FAFE15}]
Kies Bestand -> Opslaan
Selecteer bij "Opslaan in": Bureaublad
Vul bij "Bestandsnaam" in: fix.reg
Selecteer bij "Opslaan als type": Alle bestanden
Klik op "Opslaan".
Dubbelklik op fix.reg, dat nu op je bureaublad staat.
Ga ermee akkoord dat deze gegevens aan het register worden toegevoegd.
Start de pc opnieuw op en post een nieuw hijackthis logje hier
RobinS 13 March 2007, 18:07 Logfile of HijackThis v1.99.1
Scan saved at 17:06:55, on 13/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\bin\ZLH.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robin.PCSLECHTEN\Bureaublad\HijackThis.ex e
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?cbc72edbeeef45178b5f22ab55368092
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?cbc72edbeeef45178b5f22ab55368092
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
jurgenv 13 March 2007, 18:27 Voila, ze zijn verdwenen. :)
11 Pagina's, en nu wil ik je niet meer zien. :evil: :p
RobinS 14 March 2007, 20:00 heel fel bedank ze
jurgenv 14 March 2007, 20:39 Graag gedaan. :)
|
|