backdoor trojan log



R3G
20 January 2008, 18:11
As mentioned under "windows", here is my log regarding the backdoor.haxdoor.b trojan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:25, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\rudi\Mijn documenten\downloads\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fjrijders.be/forum/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198502136920
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198502290935
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 7526 bytes

Thanks in advance!

Rudi

NiekR
20 January 2008, 22:01
Hello R3G,

I'll take a look for you! ;)

NiekR
20 January 2008, 23:06
Hello R3G,

I don't see anything strange... :)

1. Start HijackThis and choose 'Do a system scan only'.
When the scan is complete, tick only the lines below in HijackThis, if present:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Now close all windows except HijackThis itself and click 'Fix checked'.
You will get a question about backups. Answer 'Yes', and then close HijackThis.

2. Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe) and save it to your desktop.
Double-click drweb-cureit.exe and allow it to start the express scan.
If a popup appears offering a purchase / 50% discount, you may close it.
The express scan will scan the files currently loaded in memory. If anything is found, click 'select all', then choose 'repair' and from the small menu that appears choose 'move'.
In the menu at the top choose Language/Taal and change it to Dutch (Nederlands) if it is set differently for you.
Press F9, then choose the Actions tab and set the following under Malware:
Adware: Move
Dialers: Move
Jokes: Report
Riskware: Report
Hacktools: Move
Then untick 'Prompt on action'.
Then choose the Scan tab and untick Heuristic analysis.
Then press Apply followed by OK.
Once the short scan has finished, tick: Complete scan.
Then press the green arrow (start button) to start the scan.
Files found are moved to the '%USERPROFILE%\DoctorWeb\Quarantine' folder if repair is not possible.
After the scan is done, go to File and choose Save report list.
Save it to your desktop and then close Dr.Web CureIt.
Then restart the computer!! This is an important step because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post, together with a new HijackThis log.
- Niek

R3G
22 January 2008, 22:07
Dr.Web found nothing, so I couldn't select a report either.
Here is my new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:12, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\rudi\Mijn documenten\downloads\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fjrijders.be/forum/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198502136920
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198502290935
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 6592 bytes


grtz
Rudi

NiekR
23 January 2008, 16:34
Hello Rudi,

I still don't see any traces of a trojan. I do see that you're using 2 virus scanners. This is not advisable, because it can slow your system down (considerably). - How exactly is the trojan being found?

1. So choose between AVG Free and NOD32 and remove the other one via Start -- Control Panel -- Add or Remove Programs.

2. * Clear the cache and cookies in IE:
Close Internet Explorer.
Go to Control Panel > Internet Options > General tab
Click the Delete Cookies button
Click the Delete Files button next to it
Tick: Delete all offline content, click OK
* Clear the cache and cookies in Firefox (in case Firefox is installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear button (History, Cookies, Cache).
Click OK to close the window again.
* Clear other temporary files + Recycle Bin
Go to Start > Run and type: cleanmgr and click OK.
Let it scan your system for files that need to be deleted.
Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
Then click OK.

3. Start HijackThis and choose 'Do a system scan only'.
When the scan is complete, tick only the lines below in HijackThis, if present:
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
Now close all windows except HijackThis itself and click 'Fix checked'.
You will get a question about backups. Answer 'Yes', and then close HijackThis.

- Niek :cool:
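Both of Niek's replies so far come down to the same triage: read the HijackThis log, pick out registrations whose target file no longer exists (HijackThis marks them "(no file)"), and compare the new log against the previous one. The script below is an added example written for this thread, not code from the original posts or from HijackThis. It parses two constructed excerpts modelled on the logs of 20/01 and 22/01 above (entry lines copied from them, most lines left out), lists the orphaned entries Niek asked to have fixed, and diffs the running processes and entries between the two logs, which surfaces the NOD32 service that appeared and the Acronis scheduler and MSConfig run entry that disappeared.

```python
import re

# Constructed excerpts modelled on the HijackThis logs of 20/01 and 22/01 in this thread.
LOG_JAN20 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
--
End of file - 7526 bytes
"""

LOG_JAN22 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 6592 bytes
"""

# A lettered entry: R0, O2, O4, O23, ... followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A running-process line is a full path starting with a drive letter.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its lettered entries.
    Header lines, the '--' separator and the 'End of file' footer are dropped."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends where the entries start
            entries.append((m.group("kind"), m.group("body")))
        elif in_processes and PROCESS_RE.match(line):
            processes.append(line)
    return {"processes": processes, "entries": entries}


def orphaned_entries(parsed):
    """Entries HijackThis marks '(no file)': a registry registration whose target is
    gone from disk. Harmless on its own, but dead weight that is safe to fix."""
    return [e for e in parsed["entries"] if e[1].endswith("(no file)")]


def diff_logs(old, new):
    """What appeared and what disappeared between two logs of the same machine."""
    old_p, new_p = set(old["processes"]), set(new["processes"])
    old_e, new_e = set(old["entries"]), set(new["entries"])
    return {
        "processes_added": sorted(new_p - old_p),
        "processes_removed": sorted(old_p - new_p),
        "entries_added": sorted(new_e - old_e),
        "entries_removed": sorted(old_e - new_e),
    }


if __name__ == "__main__":
    before, after = parse_hjt(LOG_JAN20), parse_hjt(LOG_JAN22)
    for label, parsed in (("20/01", before), ("22/01", after)):
        for kind, body in orphaned_entries(parsed):
            print(f"[{label}] orphaned {kind} entry, safe to fix: {body}")
    for change, items in diff_logs(before, after).items():
        for item in items:
            print(f"{change}: {item}")
```

To use it on a real thread, paste each full log into its own file and feed the contents to parse_hjt; the diff is what makes a second log worth asking for, since a process or service that appears between two scans on the same machine is either something the user installed (as NOD32 was here) or something that needs explaining.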

R3G
23 January 2008, 21:55
Because I had tried HitmanPro once, NOD32 was still lingering, but it's gone now.
I've done everything, will wait and see for a bit.
It's been a few days now since I encountered the blue screen; yesterday the PC did hang because of a dll file it couldn't find.
If this comes back, I'll pass along exactly which error message it was.

Thanks in advance for the effort!

Rudi

NiekR
23 January 2008, 23:45
We'll hear about it! ;) - If nothing more occurs, would you let us know that as well?

R3G
24 January 2008, 22:49
Today another blue screen with the same message, and I had to reboot again. Apparently no step further.
This will take some more searching :-(

Rudi

NiekR
25 January 2008, 15:54
1. Go to Start -- Run. Then type the following (in bold):
regedit /a C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
Press OK.

2. Download Deckard's System Scanner (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop.
Close all applications and windows.
Double-click dss.exe to activate it, and follow the prompts.
When the scan is complete, a text file - main.txt - will open.
Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.
Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
- make sure sigcheck.exe is allowed to do this!
It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it.

Don't let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)

3. Can you also give me the descriptive error message?

http://faq.tweakers.net/wos/howto/bsodguide/bsod_big.gif


- Niek :cool:
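The regedit export Niek asks for in step 1 covers the Winlogon Notify key: each subkey there names a DLL that winlogon.exe loads and calls at logon, logoff and startup events, so a notify package that does not belong to Windows is a persistence location worth a close look. The script below is an added example, not part of the original post or of any tool mentioned in the thread. It parses the file that regedit /a writes (REGEDIT4 format, in which the REG_EXPAND_SZ DllName value comes out as hex(2) bytes, wrapped over several lines with a trailing backslash), lists each package with its DLL and the events it hooks, and compares the result against a baseline. The baseline of packages shipped with Windows XP SP2, the SystemRoot of C:\WINDOWS and the whole sample export, including the made-up exmplntfy entry, are assumptions constructed for the example.

```python
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed baseline: the Notify subkeys Windows XP SP2 ships with, and the DLL each names.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll", "cscdll": "cscdll.dll",
    "sccertprop": "wlnotify.dll", "schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll", "termsrv": "wlnotify.dll", "wlballoon": "wlnotify.dll",
}

# Constructed sample of what 'regedit /a C:\look.txt "...\Winlogon\Notify"' writes (REGEDIT4).
# The 'exmplntfy' package is a made-up placeholder, not a real malware indicator.
SAMPLE_EXPORT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Startup"="SchedStartupEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\exmplntfy]
"Asynchronous"=dword:00000001
"DllName"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,65,78,\
  6d,70,6c,6e,74,66,79,2e,64,6c,6c,00
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"Startup"="WinlogonStartupEvent"
"""


def _decode_reg_string(raw):
    # REGEDIT4 stores hex strings as ANSI bytes; 'Version 5.00' exports use UTF-16LE,
    # which for ASCII text puts a zero in every second byte.
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        return raw.decode("utf-16-le").rstrip("\x00")
    return raw.decode("latin-1").rstrip("\x00")


def _decode_value(data):
    """Decode the right-hand side of a 'name=data' line: quoted string, dword or hex(N)."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)", data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if m.group(1) in ("1", "2", "7"):  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ as hex
            return _decode_reg_string(raw)
        return raw
    return data


def parse_reg_export(text):
    """Parse a regedit export into {key_path: {value_name: value}}."""
    keys, current, lines, i = {}, None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].rstrip()
        while line.endswith("\\") and i + 1 < len(lines):  # re-join wrapped hex lines
            i += 1
            line = line[:-1] + lines[i].strip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            keys[current]["(default)" if name == "@" else name.strip('"')] = _decode_value(data)
    return keys


def notify_packages(keys, notify_key=NOTIFY_KEY):
    """One record per direct subkey of Winlogon\\Notify: its DLL and the events it hooks."""
    prefix, packages = notify_key.lower() + "\\", []
    for path, values in keys.items():
        subkey = path[len(prefix):]
        if not path.lower().startswith(prefix) or "\\" in subkey:
            continue
        lowered = {n.lower(): v for n, v in values.items()}
        events = sorted(n for n, v in values.items()
                        if isinstance(v, str) and n.lower() not in ("dllname", "(default)"))
        packages.append({"subkey": subkey, "dll": lowered.get("dllname"), "events": events})
    return packages


def triage(packages, baseline=BASELINE, system32=r"c:\windows\system32"):
    """Flag unknown packages, baseline packages whose DLL changed, missing DllName values,
    and DLLs given as a path outside system32 (assumed SystemRoot, as in this thread's logs)."""
    findings = []
    for p in packages:
        dll = p["dll"]
        if not dll:
            findings.append((p["subkey"], dll, "no DllName"))
            continue
        expected = baseline.get(p["subkey"].lower())
        if expected is None:
            findings.append((p["subkey"], dll, "not in baseline"))
        elif dll.lower().rsplit("\\", 1)[-1] != expected:
            findings.append((p["subkey"], dll, f"expected {expected}"))
        if "\\" in dll and not dll.lower().startswith(system32 + "\\"):
            findings.append((p["subkey"], dll, "dll outside system32"))
    return findings


if __name__ == "__main__":
    packages = notify_packages(parse_reg_export(SAMPLE_EXPORT))
    for p in packages:
        print(f"{p['subkey']:<14} {p['dll']!s:<40} hooks: {', '.join(p['events']) or '-'}")
    for subkey, dll, reason in triage(packages):
        print(f"CHECK {subkey}: {dll} ({reason})")
```

To run it against the real C:\look.txt, read that file instead of the embedded sample. A hit is not proof of infection (drivers and security suites legitimately add packages here), but a package outside the baseline with Logon or Startup hooks is exactly the entry whose DLL deserves a signature check and a look at its creation date.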

R3G
27 January 2008, 12:25
DSS log

Deckard's System Scanner v20071014.68
Run by rudi on 2008-01-27 11:13:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
14: 2008-01-27 10:13:21 UTC - RP74 - Deckard's System Scanner Restore Point
13: 2008-01-25 19:40:21 UTC - RP73 - Google Earth geïnstalleerd.
12: 2008-01-25 19:17:19 UTC - RP72 - Installed Garmin MapSource
11: 2008-01-25 19:08:19 UTC - RP71 - Geïnstalleerd: Garmin City Navigator Europe NT v9
10: 2008-01-21 21:01:02 UTC - RP70 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-01-12 19:49:22 UTC - RP61 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as rudi.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:18, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\rudi\Mijn documenten\downloads\deckardssystemscanner.exe
C:\DOCUME~1\rudi\MIJNDO~1\DOWNLO~1\HIJACK~1\rudi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fjrijders.be/forum/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198502136920
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198502290935
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 6401 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\rudi\MIJNDO~1\DOWNLO~1\HIJACK~1\backups\) --------------------------------------------------------------------------------
backup-20080121-201952-408 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080123-205008-207 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
-- File Associations -----------------------------------------------------------
.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Roxio, Inc.; GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Roxio, Inc.; GoBack>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 bb3pdrv - c:\windows\system32\bb3pdrv.sys <Not Verified; Hardest S.r.l.; bite-board CUBE PRO>
R2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Roxio, Inc.; GoBack>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 GBPoll - c:\program files\roxio\goback\gbpoll.exe <Not Verified; Roxio, Inc.; GoBack>
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: PRISM 802.11g Wireless Adapter (3890)
Device ID: PCI\VEN_1260&DEV_3890&SUBSYS_001417CF&REV_01\4&3A321F38&0&30F0
Manufacturer: Intersil Americas Inc.
Name: PRISM 802.11g Wireless Adapter (3890)
PNP Device ID: PCI\VEN_1260&DEV_3890&SUBSYS_001417CF&REV_01\4&3A321F38&0&30F0
Service: PRISM_A00

-- Scheduled Tasks -------------------------------------------------------------
2007-12-25 23:21:27 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-12-27 and 2008-01-27 -----------------------------
2008-01-25 20:40:33 0 d-------- C:\Program Files\Google
2008-01-25 20:40:33 0 d-------- C:\Documents and Settings\rudi\Application Data\Google
2008-01-25 20:17:35 0 d-------- C:\Documents and Settings\rudi\Application Data\GARMIN
2008-01-25 20:12:53 11776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys <Not Verified; GARMIN Corp.; grmn1200>
2008-01-25 20:12:53 16512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys <Not Verified; GARMIN Corp.; GARMIN USB HS DATACARD PROGRAMMER (install) W4R3>
2008-01-25 20:12:53 17536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys <Not Verified; GARMIN Corp.; grmn0200>
2008-01-21 20:24:43 0 d-------- C:\Documents and Settings\rudi\DoctorWeb
2008-01-20 19:27:00 164 --a------ C:\install.dat
2008-01-20 19:20:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-20 19:19:39 0 d-------- C:\Temp
2008-01-20 19:06:58 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-01-20 19:06:48 0 d-------- C:\Program Files\Hitman Pro
2008-01-20 18:18:04 0 d-------- C:\WINDOWS\STPV temp
2008-01-20 17:23:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-18 20:33:09 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-01-18 20:33:09 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-18 20:33:09 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-01-18 20:33:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-18 20:33:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-18 20:33:08 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-01-18 20:33:08 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-18 20:33:08 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-01-18 20:33:08 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-18 20:33:08 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-01-18 20:33:08 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-18 20:33:08 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-01-18 20:33:08 0 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-01-18 20:33:08 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-18 20:30:06 63162940 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-01-16 22:23:49 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-01-16 22:23:40 0 d-------- C:\Program Files\Common Files\Scanner
2008-01-16 21:59:15 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-08 10:59:43 0 d-------- C:\WINDOWS\Sun
2008-01-08 10:59:42 0 d-------- C:\Documents and Settings\rudi\Application Data\Sun
2008-01-06 19:51:07 0 d-------- C:\Documents and Settings\rudi\Application Data\SPAMfighter
2008-01-06 19:50:55 0 d-------- C:\Program Files\Common Files\Ankiro
2008-01-06 19:50:34 0 d-------- C:\Program Files\Common Files\Application
2008-01-06 19:50:11 0 d-------- C:\Program Files\SPAMfighter
2008-01-04 20:27:25 0 d-------- C:\CH3xNAS_V2 (D)
2008-01-04 20:23:21 0 d-------- C:\Documents and Settings\rudi\Application Data\DAEMON Tools
2008-01-04 20:19:23 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-03 20:02:18 0 d-------- C:\Program Files\Spamihilator
2007-12-29 20:45:29 0 d--h----- C:\WINDOWS\PIF
2007-12-29 20:45:01 0 d-------- C:\Documents and Settings\rudi\Application Data\Acronis
2007-12-29 20:43:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2007-12-29 20:40:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2007-12-29 20:38:54 0 d-------- C:\Program Files\Acronis
2007-12-29 20:26:47 0 dr-h----- C:\$VAULT$.AVG
2007-12-29 19:11:30 0 d-------- C:\Documents and Settings\rudi\Shared
2007-12-29 19:11:26 0 d-------- C:\Documents and Settings\rudi\Incomplete
2007-12-29 19:09:43 0 d-------- C:\Documents and Settings\rudi\Application Data\LimeWire
2007-12-29 19:08:15 0 d-------- C:\Program Files\Java
2007-12-29 19:07:51 0 d-------- C:\Program Files\Common Files\Java
2007-12-29 19:07:29 0 d-------- C:\Program Files\LimeWire
2007-12-28 20:13:53 0 d-------- C:\Program Files\Double Driver
2007-12-27 23:16:14 0 d-------- C:\Program Files\MSXML 6.0
2007-12-27 21:59:02 0 d-------- C:\Documents and Settings\rudi\Application Data\Ahead
2007-12-27 21:19:26 0 d-------- C:\Program Files\AutoCAD LT 2008
2007-12-27 21:19:26 0 d-------- C:\Documents and Settings\rudi\Application Data\Autodesk
2007-12-27 21:19:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-27 21:18:14 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-27 21:18:14 0 d-------- C:\Program Files\Autodesk
2007-12-27 19:42:37 65536 --a------ C:\WINDOWS\qt3wrap.dll
2007-12-27 19:42:37 335360 --a------ C:\WINDOWS\Imw32d30.dll <Not Verified; Imagine Software Solutions, Inc.; >
2007-12-27 19:42:37 12288 --a------ C:\WINDOWS\impborl.dll
2007-12-27 19:42:37 471552 --a------ C:\WINDOWS\FJR.scr <Not Verified; MacSourcery; ScreenTime Photo & Video Screen Saver Engine - Unlimited Distribution License>
2007-12-27 16:33:18 0 d-------- C:\Program Files\MSXML 4.0

-- Find3M Report ---------------------------------------------------------------
2008-01-27 11:12:17 0 d-a------ C:\Documents and Settings\rudi\Application Data\AVG7
2008-01-27 10:57:02 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{1EF86959-6906-4A0A-AD60-41C22DAC5A62}
2008-01-27 10:56:54 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-01-21 21:31:44 0 d-------- C:\Program Files\Common Files
2008-01-20 19:16:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-16 22:00:46 512590 --a------ C:\WINDOWS\system32\perfh013.dat
2008-01-16 22:00:46 98822 --a------ C:\WINDOWS\system32\perfc013.dat
2007-12-27 16:34:24 0 d-------- C:\Program Files\Messenger
2007-12-26 18:48:16 0 d-------- C:\Program Files\MSECACHE
2007-12-26 00:23:59 0 d-------- C:\Program Files\CCleaner
2007-12-25 23:22:52 0 d-------- C:\Program Files\iTunes
2007-12-25 23:22:42 0 d-------- C:\Program Files\iPod
2007-12-25 23:21:22 0 d-------- C:\Program Files\Apple Software Update
2007-12-25 23:20:54 0 d-------- C:\Program Files\Common Files\Apple
2007-12-25 23:12:09 0 d-------- C:\Documents and Settings\rudi\Application Data\Apple Computer
2007-12-25 22:11:45 0 d-------- C:\Program Files\Musicmatch
2007-12-25 22:11:01 0 d-------- C:\Documents and Settings\rudi\Application Data\Musicmatch
2007-12-25 22:09:40 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-25 14:24:49 0 d-------- C:\Documents and Settings\rudi\Application Data\PC Suite
2007-12-25 14:24:08 0 d-------- C:\Program Files\Nokia
2007-12-25 14:23:22 0 d-------- C:\Program Files\Common Files\PCSuite
2007-12-25 14:23:20 0 d-------- C:\Program Files\Common Files\Nokia
2007-12-25 13:48:13 0 d-------- C:\Documents and Settings\rudi\Application Data\Help
2007-12-25 13:28:10 0 d-------- C:\Program Files\ING
2007-12-25 13:11:31 0 d-------- C:\Program Files\Microsoft Encarta
2007-12-25 13:04:27 0 d-------- C:\Program Files\Microsoft Hardware
2007-12-25 12:53:21 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{267E406E-440D-4CDD-AABA-AD4D629DA7D5}
2007-12-25 12:38:55 0 d-------- C:\Program Files\Microsoft Works
2007-12-25 12:33:23 0 d-------- C:\Program Files\Microsoft Works Suite 2004
2007-12-25 12:26:55 0 d-------- C:\Program Files\Yahoo!
2007-12-25 12:12:44 0 d-------- C:\Program Files\PowerPoint Viewer
2007-12-25 11:49:21 0 d-------- C:\Program Files\ANI
2007-12-25 11:48:43 0 d-------- C:\Program Files\D-Link
2007-12-25 11:48:09 0 d-------- C:\Documents and Settings\rudi\Application Data\InstallShield
2007-12-25 10:25:40 0 d-------- C:\Program Files\Movie Maker
2007-12-25 10:16:48 0 d-------- C:\Program Files\Windows NT
2007-12-24 14:31:20 0 d-------- C:\Documents and Settings\rudi\Application Data\AdobeUM
2007-12-24 14:30:58 0 d-------- C:\Documents and Settings\rudi\Application Data\Adobe
2007-12-24 14:30:52 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-24 14:16:53 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 21:41:25 0 d-------- C:\Documents and Settings\rudi\Application Data\Macromedia
2007-12-23 21:25:44 0 d-------- C:\Documents and Settings\rudi\Application Data\MSN6
2007-12-23 21:14:22 0 d-------- C:\Program Files\QuickTime
2007-12-23 21:04:42 0 d-------- C:\Program Files\Telemeter 3.0
2007-12-23 20:49:34 2147483647 --ahs---- C:\gobackio.bin
2007-12-23 20:46:03 0 d-------- C:\Program Files\Symantec
2007-12-23 20:46:00 0 d-------- C:\Program Files\Roxio
2007-12-23 19:41:56 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-23 19:41:51 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-23 19:41:16 62 --ahs---- C:\Documents and Settings\rudi\Application Data\desktop.ini
2007-12-23 19:31:13 0 d-------- C:\Documents and Settings\rudi\Application Data\Identities
2007-12-23 19:23:59 0 d-------- C:\Program Files\microsoft frontpage
2007-12-23 19:23:33 0 -rahs---- C:\MSDOS.SYS
2007-12-23 19:23:33 0 -rahs---- C:\IO.SYS
2007-12-23 19:23:33 0 --a------ C:\CONFIG.SYS
2007-12-23 19:23:33 0 --a------ C:\AUTOEXEC.BAT
2007-12-23 19:22:10 0 d-------- C:\Program Files\Online Services
2007-12-23 19:20:48 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-23 19:20:11 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-23 19:19:21 0 d-------- C:\Program Files\MSN Gaming Zone

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [25/12/2007 09:16]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [15/04/2007 23:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2007 10:56]
"SoundMan"="SOUNDMAN.EXE" [13/11/2003 18:23 C:\WINDOWS\SOUNDMAN.EXE]
"PRISMSTA.EXE"="PRISMSTA.exe" [04/08/2003 18:54 C:\WINDOWS\system32\PRISMSTA.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/12/2003 12:04]
"nwiz"="nwiz.exe" [12/12/2003 12:04 C:\WINDOWS\system32\nwiz.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [19/01/2007 11:49]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [14/03/2007 18:29]
"POINTER"="point32.exe" []
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [09/12/2004 12:14]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [19/01/2006 11:06]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [19/01/2006 11:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [02/01/2008 17:03]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 09:03]
"NVIEW"="nview.dll,nViewLoadHook" []
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
GoBack.lnk - C:\Program Files\Roxio\GoBack\GBTray.exe [23/12/2007 20:46:05]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog


-- End of Deckard's System Scanner: finished at 2008-01-27 11:14:56 ----------

I did not write down the descriptive error message; I will do so next time.
I did note the stop error code: STOP: 0x0000008E (0xC0000005, 0x804F7113, 0xB61E1B08, 0x00000000)
Via Google I then found out that this is caused by that trojan.
I followed the steps on the Microsoft site; for the rename step there was 1 line it found to delete, but for the registry keys I could not find a single line from the given list.

Cheers
Rudi
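
The file listing Rudi posted above is in the plain "date time size attributes path <version info>" form that Deckard's System Scanner writes. The following Python is an added example, not part of the thread or of the scanner itself: it parses lines in that format and applies a few defender-side triage heuristics (recently created kernel drivers, executables whose version block says "Not Verified", executables sitting directly under C:\WINDOWS, hidden+system files at the drive root). The heuristics, the `SAMPLE_LOG` (lines copied from the post), the scan timestamp and the allowlist of known XP boot files are my assumptions, not anything the scanner or the thread defines.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample: lines copied from the DSS file listing in the post above.
SAMPLE_LOG = """\
-- Find3M Report ---------------------------------------------------------------
2008-01-25 20:12:53 16512 --a------ C:\\WINDOWS\\system32\\drivers\\grmn0400.sys <Not Verified; GARMIN Corp.; GARMIN USB HS DATACARD PROGRAMMER (install) W4R3>
2008-01-20 19:27:00 164 --a------ C:\\install.dat
2008-01-18 20:33:08 524288 --ah----- C:\\Documents and Settings\\Administrator\\NTUSER.DAT
2008-01-04 20:19:23 715248 --a------ C:\\WINDOWS\\system32\\drivers\\sptd.sys
2007-12-23 20:49:34 2147483647 --ahs---- C:\\gobackio.bin
2007-12-23 19:23:33 0 -rahs---- C:\\MSDOS.SYS
2007-12-27 19:42:37 471552 --a------ C:\\WINDOWS\\FJR.scr <Not Verified; MacSourcery; ScreenTime Photo & Video Screen Saver Engine - Unlimited Distribution License>
2008-01-20 19:06:58 0 d-------- C:\\WINDOWS\\system32\\GroupPolicy
"""
# Taken from the "End of Deckard's System Scanner: finished at" line in the post.
SCAN_TIME = datetime(2008, 1, 27, 11, 14, 56)

# One listing line: date, time, size, 9-char attribute field, path, optional <...> block.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S{9}) (?P<path>.+?)(?: <(?P<ver>[^>]*)>)?$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
# Assumed allowlist: hidden+system boot files that legitimately live at C:\ on XP.
ROOT_BOOT_FILES = {"msdos.sys", "io.sys", "ntldr", "ntdetect.com", "boot.ini",
                   "pagefile.sys", "hiberfil.sys"}


def parse_entry(line: str) -> Optional[Dict]:
    """Parse one file-listing line; return None for headers and blank lines."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    vendor = desc = None
    not_verified = False
    if m.group("ver") is not None:
        parts = [p.strip() for p in m.group("ver").split(";")]
        not_verified = parts[0].lower() == "not verified"
        vendor = parts[1] or None if len(parts) > 1 else None
        desc = parts[2] or None if len(parts) > 2 else None
    attrs = m.group("attrs")  # e.g. "dr-h-----": d=dir, r=readonly, a=archive, h=hidden, s=system
    return {
        "when": datetime.strptime(f"{m.group('date')} {m.group('time')}", "%Y-%m-%d %H:%M:%S"),
        "size": int(m.group("size")),
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "system": "s" in attrs,
        "path": m.group("path"),
        "not_verified": not_verified,
        "vendor": vendor,
        "description": desc,
    }


def parse_log(text: str) -> List[Dict]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries: List[Dict], scan_time: datetime, recent_days: int = 14) -> Dict[str, List[str]]:
    """Map path -> list of reasons an analyst should look at that file first."""
    cutoff = scan_time - timedelta(days=recent_days)
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e["is_dir"]:
            continue
        p = e["path"].lower()
        depth = p.count("\\")  # number of path separators after the drive letter
        reasons = []
        if p.endswith(".sys") and "\\system32\\drivers\\" in p and e["when"] >= cutoff:
            reasons.append("kernel driver created recently")
        if p.endswith(EXEC_EXT) and e["not_verified"]:
            reasons.append("executable without verified signature")
        if p.endswith(EXEC_EXT) and p.startswith("c:\\windows\\") and depth == 2:
            reasons.append("executable directly under %SystemRoot%")
        if e["hidden"] and e["system"] and depth == 1 and p.rsplit("\\", 1)[1] not in ROOT_BOOT_FILES:
            reasons.append("hidden+system file at drive root")
        if reasons:
            findings[e["path"]] = reasons
    return findings


def demo_findings() -> Dict[str, List[str]]:
    return triage(parse_log(SAMPLE_LOG), SCAN_TIME)


if __name__ == "__main__":
    for path, reasons in demo_findings().items():
        print(path, "->", "; ".join(reasons))
```

The rules are deliberately coarse: they produce a short review list (here the fresh Garmin driver, the unsigned screensaver under C:\WINDOWS and the hidden GoBack image at the root), not a verdict. The allowlist keeps MSDOS.SYS and IO.SYS, which are hidden+system at the root by design, out of the list.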

NiekR
28 January 2008, 17:50
Hello Rudi,

Again nothing strange to be found; have you considered a hardware problem? :)

Where exactly is the trojan being found?

- Niek

R3G
28 January 2008, 20:41
Hello Rudi,

Again nothing strange to be found; have you considered a hardware problem? :)

Where exactly is the trojan being found?

- Niek

Since the format it regularly freezes, with or without the blue screen showing the error message.
I assume I am doing no harm by running as many anti-virus, anti-spyware and similar scans as possible?

Rudi

NiekR
29 January 2008, 16:47
As long as there are not 2 (or more) virus scanners active at the same time. - I would post your problem in the 'Hardware' sub-forum.

- Niek :cool: