HELP! Trojan on my PC.



200016v
27 December 2007, 01:17
Hello,

Can anyone help me?
Since this morning my PC has been super slow.
I ran a quick scan, and it turns out there is a trojan on it.

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:11:43, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\regsvr32.exe
H:\VIRUSfighter\bin\ZLH.EXE
H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Belkin\Nostromo\nost_LM.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
H:\Program Files\Microsoft Windows OneCare Live\winss.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\WINDOWS\System32\alg.exe
H:\VIRUSfighter\Npm\Bin\Zanda.exe
H:\WINDOWS\System32\svchost.exe
H:\VIRUSfighter\Nvc\BIN\NIP.EXE
H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
H:\VIRUSfighter\Nvc\bin\nvcoas.exe
H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\VIRUSfighter\Nvc\bin\cclaw.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\VIRUSfighter\Nvc\Bin\Nvcut.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - H:\WINDOWS\system32\awttrom.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zqbyxmbk] rundll32.exe "H:\Program Files\zqbyxmbk\lubyjwfy.dll",Init
O4 - HKLM\..\Run: [gtwbgzuh] regsvr32 /u "H:\Documents and Settings\All Users\Application Data\gtwbgzuh.dll"
O4 - HKLM\..\Run: [Norman ZANDA] H:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [OneCareUI] "H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [xinkfuvo] regsvr32 /u "H:\Documents and Settings\All Users\Application Data\xinkfuvo.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [to8Hkto8Hk] rundll32.exe "H:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195401160109
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O20 - Winlogon Notify: awttrom - H:\WINDOWS\SYSTEM32\awttrom.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Norman NJeeves - Unknown owner - H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - H:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 10257 bytes

Can it still be removed?

Thanks in advance.

jurgenv
27 December 2007, 01:22
* Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe)
and save it to your desktop.

Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop. Then restart your PC in Safe Mode (http://users.pandora.be/marcvn/spyware/1378056.htm)


In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
Type Y to start the cleaning process.
It removes all Trojan services or registry entries related to this infection. When the tool is finished, it will tell you to press any key to restart your PC; do so.
When the PC restarts, the tool will run again, finish the cleanup process and show you the message Finished. Then press any key to end the script, and your desktop will appear.
When your desktop icons appear, the SDFix report will open; it is also saved in the folder under the name Report.txt.
Now copy and paste the contents of that report here, together with a new HijackThis log.

200016v
27 December 2007, 01:49
Thx for the quick reply.

Here is the SDFix log:

SDFix: Version 1.119
Run by Joeri on do 27/12/2007 at 00:35
Microsoft Windows XP [versie 5.1.2600]
Running From: H:\DOCUME~1\Joeri\BUREAU~1\SDFix
Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Trojan Files Found:
H:\Program Files\Helper\Helper9.dll - Deleted
H:\DOCUME~1\Joeri\LOCALS~1\Temp\removalfile.bat - Deleted
H:\WINDOWS\system32\winsys.exe - Deleted

Folder H:\Program Files\Helper - Removed
Removing Temp Files...
ADS Check:
H:\WINDOWS
No streams found.
H:\WINDOWS\system32
No streams found.
H:\WINDOWS\system32\svchost.exe
No streams found.

H:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 00:41:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="H:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"="H:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"="H:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="H:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="H:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"H:\\WINDOWS\\system32\\PnkBstrA.exe"="H:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"H:\\WINDOWS\\system32\\PnkBstrB.exe"="H:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="H:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"H:\\DOCUME~1\\Joeri\\LOCALS~1\\Temp\\win149.exe"="H:\\DOCUME~1\\Joeri\\LOCALS~1\\Temp\\win149.exe:*:Enabled:win149"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="H:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - H:\DOCUME~1\Joeri\BUREAU~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 18 Nov 2007 0 A.SH. --- H:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP
Wed 12 Dec 2007 0 A..H. --- H:\WINDOWS\SOFTWA~1\DOWNLOAD\B04031~1\BIT2.TMP
Mon 24 Dec 2007 2,834 ...HR --- H:\DOCUME~1\JOERI\APPLIC~1\SECUROM\USERDATA\SECURO~1.BAK
Wed 26 Dec 2007 8 A..H. --- H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OC\CHANNELS\CH1\LOCK.TMP
Wed 26 Dec 2007 8 A..H. --- H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OC\CHANNELS\CH2\LOCK.TMP
Wed 26 Dec 2007 8 A..H. --- H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OC\CHANNELS\CH3\LOCK.TMP
Wed 26 Dec 2007 8 A..H. --- H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OC\CHANNELS\CH4\LOCK.TMP
Finished!


And from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:46:25, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
H:\VIRUSfighter\Npm\Bin\Zanda.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
H:\Program Files\Microsoft Windows OneCare Live\winss.exe
H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
H:\VIRUSfighter\Nvc\bin\nvcoas.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\VIRUSfighter\Npm\bin\ZLH.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Belkin\Nostromo\nost_LM.exe
H:\VIRUSfighter\Nvc\BIN\NIP.EXE
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\VIRUSfighter\Nvc\bin\cclaw.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - H:\WINDOWS\system32\awttrom.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zqbyxmbk] rundll32.exe "H:\Program Files\zqbyxmbk\lubyjwfy.dll",Init
O4 - HKLM\..\Run: [gtwbgzuh] regsvr32 /u "H:\Documents and Settings\All Users\Application Data\gtwbgzuh.dll"
O4 - HKLM\..\Run: [Norman ZANDA] H:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [OneCareUI] "H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [xinkfuvo] regsvr32 /u "H:\Documents and Settings\All Users\Application Data\xinkfuvo.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195401160109
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O20 - Winlogon Notify: awttrom - H:\WINDOWS\SYSTEM32\awttrom.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Norman NJeeves - Unknown owner - H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - H:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 9962 bytes


In any case, my PC is already back up to speed.

jurgenv
27 December 2007, 01:52
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Place it on your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

200016v
27 December 2007, 02:09
ComboFix log:

ComboFix 07-12-21.4 - Joeri 2007-12-27 0:56:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.2587 [GMT 1:00]
Gestart vanuit: H:\Documents and Settings\Joeri\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\WINDOWS\PerfInfo
H:\WINDOWS\system32\awttrom.dll
H:\WINDOWS\system32\drvdadr.dll
H:\WINDOWS\system32\wvurppm.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
.
2007-12-27 00:34 . 2007-12-27 00:34 <DIR> d-------- H:\WINDOWS\ERUNT
2007-12-27 00:33 . 2007-11-18 03:51 <DIR> d--h----- H:\Documents and Settings\Administrator\Sjablonen
2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d--h----- H:\Documents and Settings\Administrator\Onlangs geopend
2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d--h----- H:\Documents and Settings\Administrator\Netwerkprinteromgeving
2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d-------- H:\Documents and Settings\Administrator\Mijn documenten
2007-12-27 00:33 . 2007-11-18 04:46 <DIR> dr------- H:\Documents and Settings\Administrator\Menu Start
2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d-------- H:\Documents and Settings\Administrator\Favorieten
2007-12-27 00:33 . 2007-11-18 04:46 <DIR> d-------- H:\Documents and Settings\Administrator\Bureaublad
2007-12-27 00:10 . 2007-12-27 00:10 <DIR> d-------- H:\Program Files\Trend Micro
2007-12-26 23:48 . 2007-12-26 23:48 <DIR> d-------- H:\Documents and Settings\LocalService\Menu Start
2007-12-26 23:47 . 2007-12-26 23:52 <DIR> d-------- H:\Program Files\Ojpgypau
2007-12-26 23:42 . 2007-09-21 10:35 116,416 --a------ H:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-12-26 23:42 . 2007-09-21 10:35 91,328 --a------ H:\WINDOWS\system32\drivers\msfwdrv.sys
2007-12-26 23:42 . 2007-07-06 16:09 70,928 --a------ H:\WINDOWS\system32\drivers\MpFilter.sys
2007-12-26 23:41 . 2007-12-26 23:41 <DIR> d-------- H:\WINDOWS\system32\bits
2007-12-26 23:41 . 2007-03-29 14:01 7,168 -----c--- H:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-12-26 23:41 . 2007-03-29 14:01 7,168 --------- H:\WINDOWS\system32\bitsprx4.dll
2007-12-26 23:38 . 2007-12-26 23:54 <DIR> d-------- H:\Program Files\Microsoft Windows OneCare Live
2007-12-26 22:28 . 2007-07-09 10:50 19,000 --a------ H:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-12-26 22:27 . 2007-12-27 01:02 <DIR> d-------- H:\VIRUSfighter
2007-12-26 22:11 . 2007-12-26 22:11 31,232 --a------ H:\Program Files\1010.exe
2007-12-26 22:09 . 2007-12-26 22:09 <DIR> d-------- H:\WINDOWS\ppqvmpqr
2007-12-26 22:09 . 2007-12-27 00:32 <DIR> d-------- H:\Program Files\zqbyxmbk
2007-12-26 22:09 . 2007-12-27 00:32 <DIR> d-------- H:\Program Files\Qfcwrntl
2007-12-10 14:35 . 2007-12-10 14:35 <DIR> d-------- H:\Program Files\Free Audio Pack
2007-12-10 13:35 . 2007-12-10 13:35 <DIR> d-------- H:\Program Files\GameSpy
2007-12-10 13:35 . 2007-12-10 13:35 22,328 --a------ H:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-10 13:35 . 2007-12-10 13:35 22,328 --a------ H:\Documents and Settings\Joeri\Application Data\PnkBstrK.sys
2007-12-10 13:34 . 2007-12-10 13:34 669,184 --a------ H:\WINDOWS\system32\pbsvc.exe
2007-12-10 13:34 . 2007-12-10 13:34 103,736 --a------ H:\WINDOWS\system32\PnkBstrB.exe
2007-12-10 13:34 . 2007-12-10 13:34 66,872 --a------ H:\WINDOWS\system32\PnkBstrA.exe~
2007-12-10 11:54 . 2007-12-10 11:54 <DIR> d-------- H:\WINDOWS\nview
2007-12-10 11:54 . 2007-10-04 17:14 356,352 --a------ H:\WINDOWS\system32\nvudisp.exe
2007-12-10 11:54 . 2007-12-10 11:55 140,158 --a------ H:\WINDOWS\system32\nvapps.xml
2007-12-10 11:27 . 2007-12-10 11:29 <DIR> d-------- H:\WINDOWS\NV37642120.TMP
2007-12-07 22:21 . 2007-12-07 22:21 <DIR> d-------- H:\Documents and Settings\Joeri\Application Data\Hewlett-Packard
2007-12-07 22:20 . 2004-08-03 22:58 15,104 --a------ H:\WINDOWS\system32\drivers\usbscan.sys
2007-12-07 22:20 . 2004-08-03 22:58 15,104 --a--c--- H:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-07 22:19 . 2007-12-07 22:19 <DIR> d-------- H:\Program Files\Common Files\Hewlett-Packard
2007-12-07 22:18 . 2007-12-07 22:18 <DIR> d-------- H:\temp\HP All-in-One Series Web Release
2007-12-07 22:18 . 2007-12-07 22:18 <DIR> d-------- H:\temp
2007-12-07 22:18 . 2007-12-07 22:18 <DIR> d-------- H:\Program Files\Hewlett-Packard
2007-12-07 22:18 . 2007-12-07 22:19 19,558 --a------ H:\WINDOWS\hpoins01.dat
2007-12-07 22:18 . 2003-04-22 23:51 16,606 --------- H:\WINDOWS\hpomdl01.dat
2007-12-07 22:17 . 2004-08-03 23:01 25,856 --a------ H:\WINDOWS\system32\drivers\usbprint.sys
2007-12-07 22:17 . 2004-08-03 23:01 25,856 --a--c--- H:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-07 10:02 . 2007-12-27 00:07 69 --a------ H:\WINDOWS\NeroDigital.ini
2007-12-04 20:43 . 2004-07-26 17:16 1,568,768 --------- H:\WINDOWS\system32\ImagX7.dll
2007-12-04 20:43 . 2004-07-26 17:16 476,320 --------- H:\WINDOWS\system32\ImagXpr7.dll
2007-12-04 20:43 . 2004-07-26 17:16 471,040 --------- H:\WINDOWS\system32\ImagXRA7.dll
2007-12-04 20:43 . 2004-07-26 17:16 262,144 --------- H:\WINDOWS\system32\ImagXR7.dll
2007-12-04 20:43 . 2004-03-02 17:37 125,184 --------- H:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-04 20:43 . 2000-06-26 11:45 106,496 --a------ H:\WINDOWS\system32\TwnLib20.dll
2007-12-04 20:43 . 2004-03-02 17:37 5,504 --------- H:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-04 20:37 . 2007-12-04 20:37 <DIR> d-------- H:\Documents and Settings\Joeri\Application Data\Ahead
2007-12-04 20:36 . 2007-12-04 20:36 <DIR> d-------- H:\Documents and Settings\Joeri\Application Data\NeroVision
2007-12-04 20:36 . 2003-07-31 16:47 1,269,760 --------- H:\WINDOWS\UNNMP.exe
2007-12-04 20:36 . 2003-08-08 14:34 46,434 --------- H:\WINDOWS\UNNMP.cfg
2007-12-04 20:35 . 2003-08-05 16:53 1,273,856 --------- H:\WINDOWS\UNNeroVision.exe
2007-12-04 20:35 . 2003-08-08 14:34 75,345 --------- H:\WINDOWS\UNNeroVision.cfg
2007-12-04 20:34 . 2007-12-04 20:34 <DIR> d-------- H:\Program Files\Common Files\Ahead
2007-12-04 20:34 . 2007-12-04 20:43 <DIR> d-------- H:\Program Files\Ahead
2007-12-04 20:34 . 2001-07-06 13:41 569,344 -ra------ H:\WINDOWS\system32\imagr5.dll
2007-12-04 20:34 . 2001-07-06 11:44 544,768 -ra------ H:\WINDOWS\system32\imagx5.dll
2007-12-04 20:34 . 2001-07-06 17:24 283,920 -ra------ H:\WINDOWS\system32\ImagXpr5.dll
2007-12-04 20:34 . 2001-07-09 11:50 155,648 --a------ H:\WINDOWS\system32\NeroCheck.exe
2007-12-04 20:34 . 2001-06-26 07:15 38,912 -ra------ H:\WINDOWS\system32\picn20.dll
2007-12-01 19:49 . 2007-12-01 19:49 625 --a------ H:\WINDOWS\eReg.dat
2007-12-01 19:33 . 2007-12-01 19:33 <DIR> d-------- H:\Program Files\EA GAMES
2007-11-30 22:49 . 2007-11-30 22:49 <DIR> d-------- H:\Program Files\MSECache
2007-11-29 00:45 . 2007-11-29 00:45 324 --a------ H:\WINDOWS\game.ini
2007-11-28 21:16 . 2007-12-10 13:20 <DIR> d-------- H:\Program Files\Electronic Arts
2007-11-27 14:47 . 2007-12-26 23:38 <DIR> d-------- H:\Program Files\Windows Live Safety Center
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 21:27 --------- d--h--w H:\Program Files\InstallShield Installation Information
2007-12-13 17:07 --------- d-----w H:\Documents and Settings\Joeri\Application Data\AdobeUM
2007-11-27 19:54 --------- d-----w H:\Documents and Settings\Joeri\Application Data\Bioshock
2007-11-27 19:25 --------- d-----w H:\Program Files\SystemRequirementsLab
2007-11-25 11:17 --------- d-----w H:\Program Files\QuickTime
2007-11-25 11:10 --------- d-----w H:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:09 --------- d-----w H:\Program Files\Common Files\Adobe
2007-11-25 11:09 --------- d-----w H:\Program Files\Bonjour
2007-11-24 17:44 0 ---ha-w H:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-24 17:44 0 ---ha-w H:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2007-11-21 14:15 --------- d-----w H:\Program Files\Common Files\Macrovision Shared
2007-11-20 17:17 --------- d-----w H:\Program Files\Common Files\Adobe Systems Shared
2007-11-19 01:13 --------- d-----w H:\Program Files\MSXML 6.0
2007-11-19 01:07 --------- d-----w H:\Program Files\Lavasoft
2007-11-19 01:07 --------- d-----w H:\Documents and Settings\Joeri\Application Data\Lavasoft
2007-11-19 00:51 --------- d-----w H:\Documents and Settings\Joeri\Application Data\Media Player Classic
2007-11-19 00:49 --------- d-----w H:\Program Files\K-Lite Codec Pack
2007-11-18 19:19 --------- d-----w H:\Program Files\MSBuild
2007-11-18 19:16 --------- d-----w H:\Program Files\Reference Assemblies
2007-11-18 19:14 --------- d-----w H:\Program Files\Windows Media Connect 2
2007-11-18 18:26 --------- d-----w H:\Program Files\World of Warcraft
2007-11-18 15:10 20,747 ----a-w H:\WINDOWS\system32\drivers\AegisP.sys
2007-11-18 15:10 --------- d-----w H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2007-11-18 12:08 --------- d-----w H:\Program Files\Windows Live Toolbar
2007-11-18 09:43 --------- d-----w H:\Program Files\Common Files\Blizzard Entertainment
2007-11-18 02:53 --------- d-----w H:\Program Files\microsoft frontpage
2007-11-18 01:18 --------- d-----w H:\Program Files\Windows Live
2007-11-18 01:16 --------- d-----w H:\Program Files\Lavalys
2007-11-18 01:15 --------- dcsh--w H:\Program Files\Common Files\WindowsLiveInstaller
2007-11-18 01:15 --------- d-----w H:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-18 01:12 --------- d-----w H:\Program Files\Common Files\InstallShield
2007-11-18 01:12 --------- d-----w H:\Program Files\Belkin
2007-11-17 22:43 --------- d-----w H:\Program Files\THQ
2007-11-17 22:16 --------- d--h--r H:\Documents and Settings\Joeri\Application Data\SecuROM
2007-11-17 22:13 108,144 ----a-w H:\WINDOWS\system32\CmdLineExt.dll
2007-11-17 22:07 --------- d-----w H:\Program Files\2K Games
2007-11-17 22:07 --------- d-----w H:\Documents and Settings\Joeri\Application Data\InstallShield
2007-11-17 21:33 --------- d-----w H:\Program Files\ASUS
2007-11-17 21:27 --------- d-----w H:\Program Files\Realtek
2007-11-17 21:21 --------- d-----w H:\Program Files\Attansic
2007-11-17 21:17 315,392 ----a-w H:\WINDOWS\HideWin.exe
2007-11-17 21:03 --------- d-----w H:\Program Files\Intel
2007-11-13 10:25 20,480 ----a-w H:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 ----a-w H:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w H:\WINDOWS\system32\wmasf.dll
2007-10-24 00:47 96,760 ----a-w H:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w H:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w H:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w H:\WINDOWS\system32\mscorier.dll
2007-10-22 02:39 267,272 ----a-w H:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w H:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-18 10:31 51,224 ----a-w H:\WINDOWS\system32\sirenacm.dll
2007-10-12 14:14 3,734,536 ----a-w H:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w H:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-11 08:55 88,576 ----a-w H:\WINDOWS\system32\infocardapi.dll
2007-10-11 08:55 579,584 ----a-w H:\WINDOWS\system32\icardagt.exe
2007-10-11 08:55 11,776 ----a-w H:\WINDOWS\system32\icardres.dll
2007-10-09 12:03 779,800 ----a-w H:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 12:03 73,752 ----a-w H:\WINDOWS\system32\dxva2.dll
2007-10-09 12:03 493,080 ----a-w H:\WINDOWS\system32\evr.dll
2007-10-09 12:03 350,744 ----a-w H:\WINDOWS\system32\PresentationHost.exe
2007-10-09 12:03 33,304 ----a-w H:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 12:03 161,304 ----a-w H:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 12:03 106,520 ----a-w H:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 12:03 1,986,072 ----a-w H:\WINDOWS\system32\milcore.dll
2007-10-09 11:58 16,896 ----a-w H:\WINDOWS\system32\tswpfwrp.exe
2007-10-04 16:14 81,920 ----a-w H:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w H:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w H:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w H:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w H:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w H:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w H:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 5,509,120 ----a-w H:\WINDOWS\system32\nvdispsr.dll
2007-10-04 16:14 466,944 ----a-w H:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 458,752 ----a-w H:\WINDOWS\system32\nvmccssr.dll
2007-10-04 16:14 45,056 ----a-w H:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w H:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w H:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w H:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w H:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w H:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 335,872 ----a-w H:\WINDOWS\system32\nvwrses.dll
2007-10-04 16:14 335,872 ----a-w H:\WINDOWS\system32\nvwrsel.dll
2007-10-04 16:14 327,680 ----a-w H:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 16:14 327,680 ----a-w H:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 16:14 327,680 ----a-w H:\WINDOWS\system32\nvrshe.dll
2007-10-04 16:14 327,680 ----a-w H:\WINDOWS\system32\nvrsar.dll
2007-10-04 16:14 323,584 ----a-w H:\WINDOWS\system32\nvwrspt.dll
2007-10-04 16:14 323,584 ----a-w H:\WINDOWS\system32\nvwrsit.dll
2007-10-04 16:14 319,488 ----a-w H:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 16:14 319,488 ----a-w H:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 16:14 315,392 ----a-w H:\WINDOWS\system32\nvwrsru.dll
2007-10-04 16:14 315,392 ----a-w H:\WINDOWS\system32\nvwrshu.dll
2007-10-04 16:14 311,296 ----a-w H:\WINDOWS\system32\nvwrsde.dll
2007-10-04 16:14 307,200 ----a-w H:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 303,104 ----a-w H:\WINDOWS\system32\nvwrstr.dll
2007-10-04 16:14 303,104 ----a-w H:\WINDOWS\system32\nvwrssl.dll
2007-10-04 16:14 303,104 ----a-w H:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 16:14 3,629,056 ----a-w H:\WINDOWS\system32\nvvitvsr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
H:\Program Files\Ojpgypau\vxhthekv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MsnMsgr"="H:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"updateMgr"="H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="H:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="H:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 H:\WINDOWS\RTHDCPL.exe]
"Ai Nap"="H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" []
"WinSys2"="H:\WINDOWS\system32\winsys2.exe" [2006-04-29 04:36]
"Acrobat Assistant 7.0"="H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 H:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 H:\WINDOWS\system32\rundll32.exe]
"Norman ZANDA"="H:\VIRUSfighter\Npm\bin\ZLH.exe" [2007-08-09 14:40]
"OneCareUI"="H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-12-11 09:42]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
H:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - H:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2007-11-20 18:19:30]
Adobe Gamma.lnk - H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
hp psc 1000 series.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38]
hpoddt01.exe.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]
Loadout Manager.lnk - H:\Program Files\Belkin\Nostromo\nost_LM.exe [2002-06-14 12:50:42]
Microsoft Office.lnk - H:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
R1 MSFWHLPR;MSFWHLPR;H:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-09-21 10:35]
R2 MSFWDrv;MSFWDrv;H:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-09-21 10:35]
R2 msfwsvc;OneCare Firewall;"H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" [2007-09-21 10:35]
R2 Ndiskio;Ndiskio;H:\VIRUSfighter\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" [2007-07-13 17:58]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;H:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]
R3 bcgame;Nostromo HID Device Minidriver;H:\WINDOWS\system32\DRIVERS\BCGAME.SYS [2002-04-12 14:44]
R3 bcgbus;Nostromo USB Device Driver;H:\WINDOWS\system32\DRIVERS\BCGBUS.SYS [2002-04-12 14:44]
R3 HabuFltr;Habu Mouse;H:\WINDOWS\system32\drivers\habu.sys [2006-10-23 12:09]
R3 MpFilter;Microsoft Malware Protection Driver;H:\WINDOWS\system32\DRIVERS\MpFilter.sys [2007-07-06 16:09]
R3 NvcMFlt;NvcMFlt;H:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 10:50]
R3 nvcoas;Norman Virus Control on-access component;H:\VIRUSfighter\Nvc\bin\nvcoas.exe [2007-07-12 11:38]
R3 NVCScheduler;Norman Virus Control Scheduler;H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 nvcfsr;nvcfsr;H:\VIRUSfighter\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
S3 nvcoafl51;nvcoafl51;H:\VIRUSfighter\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
S3 nvcoaft51;nvcoaft51;H:\VIRUSfighter\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
S3 nvcoarc51;nvcoarc51;H:\VIRUSfighter\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]
*Newly Created Service* - GTNDIS5
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-07 21:21:09 H:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1197062450.job"
- H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 01:03:39
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-27 1:04:26 - machine was rebooted
.
2007-12-21 10:41:19 --- E O F ---



And from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:11, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
H:\VIRUSfighter\Npm\Bin\Zanda.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\VIRUSfighter\Npm\bin\ZLH.EXE
H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\Messenger\msmsgs.exe
H:\VIRUSfighter\Nvc\BIN\NIP.EXE
H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Belkin\Nostromo\nost_LM.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
H:\Program Files\Microsoft Windows OneCare Live\winss.exe
H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
H:\VIRUSfighter\Nvc\bin\nvcoas.exe
H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\WINDOWS\System32\alg.exe
H:\VIRUSfighter\Nvc\bin\cclaw.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\internet explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] H:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [OneCareUI] "H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195401160109
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Norman NJeeves - Unknown owner - H:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - H:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 9571 bytes

jurgenv
27 December 2007, 02:12
Download OTMoveIt.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and place it on your desktop:

Start OTMoveIt by double-clicking OTMoveIt.exe
In the left pane, where it says: Paste List of Files/Folders to be Moved, copy and paste the section below:

H:\Program Files\1010.exe
H:\VIRUSfighter
H:\WINDOWS\ppqvmpqr
H:\Program Files\zqbyxmbk
H:\Program Files\Qfcwrntl

Then click the MoveIt button at the bottom.
When it has finished, it will create a log (********_******.log -- the * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Post its contents in your next message, together with a new HijackThis log.

200016v
27 December 2007, 02:19
Log from MoveIt:

H:\Program Files\1010.exe moved successfully.
H:\VIRUSfighter\Temp\niu moved successfully.
H:\VIRUSfighter\Temp\NIP moved successfully.
H:\VIRUSfighter\Temp\mimescan moved successfully.
H:\VIRUSfighter\Temp moved successfully.
H:\VIRUSfighter\tasks moved successfully.
H:\VIRUSfighter\quarantine moved successfully.
H:\VIRUSfighter\Qtn\Bin moved successfully.
H:\VIRUSfighter\Qtn moved successfully.
H:\VIRUSfighter\Nvc\Config moved successfully.
Folder cleanup failed. H:\VIRUSfighter\Nvc\Bin scheduled to be deleted on reboot.
Folder cleanup failed. H:\VIRUSfighter\Nvc scheduled to be deleted on reboot.
H:\VIRUSfighter\Nse\Bin moved successfully.
H:\VIRUSfighter\Nse moved successfully.
H:\VIRUSfighter\npm\Info moved successfully.
H:\VIRUSfighter\npm\config moved successfully.
Folder cleanup failed. H:\VIRUSfighter\npm\bin scheduled to be deleted on reboot.
Folder cleanup failed. H:\VIRUSfighter\npm scheduled to be deleted on reboot.
H:\VIRUSfighter\npf\bin moved successfully.
H:\VIRUSfighter\npf moved successfully.
H:\VIRUSfighter\Msg moved successfully.
H:\VIRUSfighter\Logs moved successfully.
H:\VIRUSfighter\Download moved successfully.
H:\VIRUSfighter\Config moved successfully.
Folder cleanup failed. H:\VIRUSfighter scheduled to be deleted on reboot.
H:\WINDOWS\ppqvmpqr moved successfully.
H:\Program Files\zqbyxmbk moved successfully.
H:\Program Files\Qfcwrntl moved successfully.

Created on 12/27/2007 01:14:19

And from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:51, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Belkin\Nostromo\nost_LM.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
H:\Program Files\Microsoft Windows OneCare Live\winss.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\internet explorer\iexplore.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - H:\Program Files\Ojpgypau\vxhthekv.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] H:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [OneCareUI] "H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195401160109
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Unknown owner - H:\VIRUSfighter\Npm\bin\ELOGSVC.EXE (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Norman NJeeves - Unknown owner - H:\VIRUSfighter\Npm\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - H:\VIRUSfighter\Npm\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - H:\VIRUSfighter\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - H:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 9104 bytes

jurgenv
27 December 2007, 02:21
* Open HijackThis and tick the following line:

O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe

* Then close all windows except HijackThis and click 'Fix checked'.

* Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF Cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick at "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Then run a disk defragmentation, and afterwards let me know how everything is working. :)
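
The log lines this reply works from, parsed into autostart entries. This is an added example, not part of the original post and not HijackThis code; the line layouts are inferred from the log quoted in this thread, and the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis log quoted in this thread (drive H: as posted).
SAMPLE_LOG = r"""Running processes:
O4 - HKLM\..\Run: [WinSys2] H:\WINDOWS\system32\winsys2.exe
O4 - Global Startup: Loadout Manager.lnk = H:\Program Files\Belkin\Nostromo\nost_LM.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Norman ZANDA - Unknown owner - H:\VIRUSfighter\Npm\Bin\Zanda.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_KEY = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
MISSING = "(file missing)"


def parse_line(line):
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rec = {"section": m["section"], "kind": None, "flags": []}
    body = m["body"]
    if body.endswith(MISSING):  # annotation written by HijackThis itself
        rec["flags"].append("file-missing")
        body = body[: -len(MISSING)].rstrip()
    if rec["section"] == "O4":
        run = RUN_KEY.match(body)
        if run:
            rec.update(kind="run-key", name=run["name"], target=run["target"])
        elif body.startswith("Global Startup: ") and " = " in body:
            name, target = body[len("Global Startup: "):].split(" = ", 1)
            rec.update(kind="startup-folder", name=name, target=target)
    elif rec["section"] == "O23" and body.startswith("Service: "):
        # Split from the right: name - owner - path
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            rec.update(kind="service", name=parts[0], owner=parts[1], target=parts[2])
            if parts[1] == "Unknown owner":
                rec["flags"].append("unknown-owner")
    return rec


def autostart_entries(log_text):
    """Return every parsed O4/O23 autostart entry, in log order."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [rec for rec in parsed if rec and rec["kind"]]


if __name__ == "__main__":
    for rec in autostart_entries(SAMPLE_LOG):
        print(rec["kind"], rec["name"], rec["target"], rec["flags"] or "-", sep=" | ")
```

The WinSys2 Run entry that the reply has fixed carries no annotation in the log, so the "file missing" and "Unknown owner" markers mean "verify this entry", not "malicious", and every autostart entry still has to be looked up on its own.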

200016v
27 December 2007, 02:47
At first sight everything still works.
Thanks for the help!
How do I actually end up with a virus/trojan like this?
My girlfriend spends a lot of time on all kinds of sites for artwork, fonts and images (Photoshop). Could it come from there?


In any case, my PC is working again, I can game again. :)

THX!

Happy holidays...

jurgenv
27 December 2007, 14:15
A few more tips to prevent problems in the future:

Install the following FREE programs if you don't have them yet:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


While browsing, don't blindly click Yes whenever you are asked... only do so when you trust it completely.

And consider choosing an alternative browser such as Opera (http://www.opera.com) or Firefox (http://www.mozilla.org/products/firefox/).

I also recommend running an online virus scan now and then: housecall (http://housecall.trendmicro.com/) and/or Bitdefender (http://nl.bitdefender.com/scan8/). What one scanner can't find, another one might.
Also make sure the virus scanner installed on your system is always up to date!!

And... pay a regular visit to: http://windowsupdate.microsoft.com/

Also have a look at these 2 videos.. Very interesting:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv


More prevention tips can also be found on the following sites:

http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Preventing spyware infections and browser hijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)