Will someone please check my log?



Antjetaz
19 June 2008, 01:14
Hello,

For the last two days my PC has been much slower than normal. Sometimes pages only load halfway, or one page loads fine but when I try to open a second one it only gets halfway. It also happens that all my bars disappear, and when I close the windows all I see is my empty desktop: the shortcuts on the desktop, such as the Recycle Bin, the antivirus scanner and so on, are all gone. Even my Start button is gone, so I have to switch the computer off with the power button; I can't do anything with my PC at that point.
My virus scanner, AVG 8.0 Free, finds several threats, such as:
* Trojan horse SHeur
* Trojan horse Generic 10
* Virus win32/Heur
They do get put in the virus vault, so they can't do any harm there, but still.
Apart from that I know nothing about any of this. So I wanted to ask whether someone would please take a look at my log.

Thanks in advance.
Regards, Antje


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:47:38, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C811310E-7D3B-4D70-B8E3-942DEC097E38} - (no file)
O2 - BHO: {ab1b2d4a-fef4-b368-6ee4-5cef79f8d3ee} - {ee3d8f97-fec5-4ee6-863b-4fefa4d2b1ba} - C:\WINDOWS\system32\nieomufv.dll (file missing)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210830269047
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1211111605_ff937e48c7c8b596b8fd7c5fc5531c62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: vtUlLCrs - vtUlLCrs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6930 bytes
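
An added example, not part of the original post and not code from HijackThis, of how the entry types in a log like the one above are triaged automatically. The sample lines are copied from the log above. The eight-letter-DLL rule is a heuristic: as the O10 line shows, it also hits nwprovau.dll, a file that ships with Windows, which is why that rule only raises a "review" flag and never a "high" one on its own. The function names and severity labels are my own.

```python
import re

# Sample lines copied from the HijackThis log posted above.
HJT_SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: {ab1b2d4a-fef4-b368-6ee4-5cef79f8d3ee} - {ee3d8f97-fec5-4ee6-863b-4fefa4d2b1ba} - C:\WINDOWS\system32\nieomufv.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: vtUlLCrs - vtUlLCrs.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

SEVERITY = {"info": 0, "review": 1, "high": 2}
LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
ORPHAN_RE = re.compile(r"\((no file|file missing)\)")
# Heuristic only: eight lower-case letters directly under a directory, e.g. nieomufv.dll.
RANDOM_DLL_RE = re.compile(r"\\[a-z]{8}\.dll\b", re.I)


def triage_line(line):
    """Return (severity, reasons) for one HijackThis line; reasons is empty if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "info", []
    section, body = m.group(1), m.group(2)
    reasons = []

    orphan = bool(ORPHAN_RE.search(body))
    if orphan:
        reasons.append("points at a file that no longer exists (leftover of a removed component)")
    if RANDOM_DLL_RE.search(body):
        reasons.append("eight-letter DLL name (heuristic; also matches some legitimate files)")

    guid_named = winlogon = False
    if section == "O2":
        name = body.split(" - ")[0]
        if name.startswith("BHO: "):
            name = name[len("BHO: "):]
        guid_named = bool(GUID_RE.match(name.strip()))
        if guid_named:
            reasons.append("BHO registered with a GUID instead of a readable name")
    elif section == "O10":
        reasons.append("unknown Winsock LSP file; identify the publisher before touching it, a broken LSP chain breaks networking")
    elif section == "O15":
        scope = "machine-wide (HKLM)" if body.endswith("(HKLM)") else "current user"
        reasons.append(f"site added to the IE Trusted Zone ({scope}); trusted sites get relaxed security settings")
    elif section == "O20":
        if body.startswith("Winlogon Notify"):
            winlogon = True
            reasons.append("Winlogon Notify DLL is loaded into winlogon.exe at every logon")
        elif body.startswith("AppInit_DLLs"):
            reasons.append("AppInit_DLLs entries load into every user-mode process; confirm the publisher")

    if not reasons:
        return "info", []
    severity = "high" if guid_named or (winlogon and orphan) else "review"
    return severity, reasons


def triage_log(text):
    """Triage a whole log; returns findings sorted by severity and the number of Trusted Zone entries."""
    findings, trusted_zone = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O15"):
            trusted_zone += 1
        severity, reasons = triage_line(line)
        if reasons:
            findings.append({"severity": severity, "line": line, "reasons": reasons})
    findings.sort(key=lambda f: -SEVERITY[f["severity"]])  # stable sort keeps log order within a level
    return findings, trusted_zone


if __name__ == "__main__":
    results, tz = triage_log(HJT_SAMPLE)
    print(f"{len(results)} entries to look at, {tz} Trusted Zone entries")
    for f in results:
        print(f"[{f['severity']:6}] {f['line']}")
        for r in f["reasons"]:
            print(f"          - {r}")
```

The severity model deliberately treats a missing file as "review" rather than "high": an orphaned O2 entry is usually a harmless leftover, while a GUID-named BHO or an orphaned Winlogon Notify entry is the kind of line a helper in a thread like this one looks at first.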

Recep
19 June 2008, 18:44
Hello,

I'll take a look for you :D

Recep

Recep
19 June 2008, 19:44
Hello,

1. Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After the installation, make sure the following are ticked:
Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Settings" tab.
Tick: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Then press "Scan" to start the scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to view the results.
Make sure everything there is ticked, then click "Remove Selected".
After the removal a log will open and you will be asked to restart the computer. The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program. Post it after the next step.

2. Download Deckard's System Scanner (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and put it on your desktop.
Close all applications and windows.
Double-click dss.exe to start the program and follow the prompts.
When the scan is finished, the text file main.txt will open.
Copy and paste the contents of main.txt into your next post, together with the MalwareBytes' Anti-Malware log.
Note: some firewalls may warn that sigcheck.exe is trying to connect to the internet. If this happens, allow sigcheck.exe to do so.
Your antivirus program may flag DSS as suspicious, or even try to remove it.
Do not let your antivirus program remove it!

Good luck,
Recep :D

Antjetaz
20 June 2008, 01:14
Hello,

I have just done everything as asked.
So here are the logs.
Thanks in advance for the quick help.


Malwarebytes' Anti-Malware 1.17
Database versie: 870
0:55:19 20/06/2008
mbam-log-6-20-2008 (00-55-19).txt
Scan type: Snelle Scan
Objecten gescand: 41757
Verstreken tijd: 9 minute(s), 49 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 17
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 6
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Deckard's System Scanner v20071014.68
Run by Anja on 2008-06-20 01:03:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
51: 2008-06-19 23:03:31 UTC - RP55 - Deckard's System Scanner Restore Point
50: 2008-06-19 16:16:20 UTC - RP54 - Controlepunt van systeem
49: 2008-06-17 20:07:23 UTC - RP53 - Removed Google Toolbar for Internet Explorer
48: 2008-06-17 19:27:30 UTC - RP52 - Installed AVG Free 8.0
47: 2008-06-17 19:05:49 UTC - RP51 - Removed Norton WMI Update

-- First Restore Point --
1: 2008-06-15 14:27:58 UTC - RP5 - Geïnstalleerd: Adobe Reader 7.0 - Nederlands

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Anja.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:12, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Mijn documenten\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anja.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C811310E-7D3B-4D70-B8E3-942DEC097E38} - (no file)
O2 - BHO: {ab1b2d4a-fef4-b368-6ee4-5cef79f8d3ee} - {ee3d8f97-fec5-4ee6-863b-4fefa4d2b1ba} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210830269047
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1211111605_ff937e48c7c8b596b8fd7c5fc5531c62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: vtUlLCrs - vtUlLCrs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6748 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 Ndisusb (GeneLink Network Driver) - c:\windows\system32\drivers\genelan.sys <Not Verified; Genesys Logic; GeneLink>
R3 USBHSB (GeneLink USB Driver) - c:\windows\system32\drivers\glkusb.sys <Not Verified; Genesys Logic; GeneLink>
S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Files created between 2008-05-20 and 2008-06-20 -----------------------------
2008-06-20 00:40:41 0 d-------- C:\Documents and Settings\Anja\Application Data\Malwarebytes
2008-06-20 00:40:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 00:40:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 02:13:07 0 dr-h----- C:\Documents and Settings\Anja\Onlangs geopend
2008-06-19 00:38:36 0 d-------- C:\Program Files\Trend Micro
2008-06-17 21:32:42 0 d-------- C:\Program Files\SpywareBlaster
2008-06-17 21:27:52 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-17 21:27:31 0 d-------- C:\Program Files\AVG
2008-06-17 20:54:34 0 d-------- C:\WINDOWS\pss
2008-06-17 20:30:33 4980768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-17 20:27:08 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-17 20:26:30 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-17 20:26:14 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-06-17 20:25:00 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-17 20:23:57 0 d-------- C:\WINDOWS\Internet Logs
2008-06-17 20:11:49 0 d-------- C:\Program Files\CCleaner
2008-06-17 19:20:45 0 d-------- C:\Program Files\Lavasoft
2008-06-17 19:20:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 19:18:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 18:40:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-17 00:17:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-17 00:00:36 0 d-------- C:\Documents and Settings\Anja\Application Data\Help
2008-06-16 19:00:10 0 d--h----- C:\$AVG8.VAULT$
2008-06-16 01:52:33 0 d-------- C:\Program Files\Panda Security
2008-06-15 16:29:17 99328 --a------ C:\WINDOWS\system32\qlusfoqq.dll
2008-06-12 21:19:18 3256320 --a------ C:\Documents and Settings\Anja\ntuser.dat
2008-06-12 21:15:37 0 d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-06-12 17:51:04 484775 --ahs---- C:\WINDOWS\system32\kQqYayay.ini2
2008-06-12 17:45:40 0 d-------- C:\WINDOWS\system32\netrax01
2008-06-12 17:45:39 0 d-------- C:\Temp
2008-06-05 19:07:50 0 d-------- C:\Documents and Settings\Anja\Application Data\MobileAction
2008-06-05 18:28:20 53586 -ra------ C:\WINDOWS\system32\drivers\ma8630u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:28:20 25428 -ra------ C:\WINDOWS\system32\drivers\ma8630m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:28:20 23248 -ra------ C:\WINDOWS\system32\drivers\ma8630c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:26:17 25302 -ra------ C:\WINDOWS\system32\drivers\MaVctrl.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:26:17 11986 -ra------ C:\WINDOWS\system32\drivers\MaVc2K.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:26:17 49484 -ra------ C:\WINDOWS\system32\drivers\MARDPNP.SYS <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:26:17 49867 -ra------ C:\WINDOWS\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:25:44 0 d-------- C:\WINDOWS\Application Data
2008-05-30 00:04:25 0 d-------- C:\Documents and Settings\Anja\Application Data\SecondLife

-- Find3M Report ---------------------------------------------------------------
2008-06-19 17:55:18 0 d-------- C:\Documents and Settings\Anja\Application Data\LimeWire
2008-06-17 22:07:39 0 d-------- C:\Program Files\Google
2008-06-17 21:22:39 0 d-------- C:\Program Files\Common Files
2008-06-17 18:41:49 364644 --a------ C:\WINDOWS\system32\perfh013.dat
2008-06-17 18:41:49 53652 --a------ C:\WINDOWS\system32\perfc013.dat
2008-06-16 20:30:40 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-31 14:10:44 0 d-------- C:\Program Files\MSN Messenger
2008-05-18 14:50:12 0 d-------- C:\Documents and Settings\Anja\Application Data\Google
2008-05-18 14:04:55 0 d-------- C:\Documents and Settings\Anja\Application Data\Sun
2008-05-18 14:04:18 0 d-------- C:\Program Files\Java
2008-05-18 13:58:52 0 d-------- C:\Program Files\Common Files\Java
2008-05-18 13:57:18 0 d-------- C:\Program Files\LimeWire
2008-05-15 18:15:21 0 d-------- C:\Documents and Settings\Anja\Application Data\AdobeUM
2008-05-15 18:11:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-13 22:57:52 0 d-------- C:\Documents and Settings\Anja\Application Data\Adobe
2008-05-13 21:06:21 0 d-------- C:\Program Files\Messenger
2008-05-13 21:05:58 0 d-------- C:\Program Files\Movie Maker
2008-05-13 21:02:56 0 d-------- C:\Program Files\Windows NT
2008-05-13 20:36:39 0 d-------- C:\Program Files\Ahead
2008-05-13 20:36:37 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 15:53:22 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-13 15:53:19 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-13 15:52:56 62 --ahs---- C:\Documents and Settings\Anja\Application Data\desktop.ini
2008-05-13 15:39:34 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-13 15:36:10 0 d-------- C:\Documents and Settings\Anja\Application Data\Macromedia
2008-05-13 15:27:44 0 d-------- C:\Program Files\VIAudioi
2008-05-13 15:24:45 0 d-------- C:\Program Files\InstallShield Installation Information
2008-05-13 15:23:58 0 d-------- C:\Program Files\VIA
2008-05-13 15:19:05 0 d-------- C:\Documents and Settings\Anja\Application Data\Identities
2008-05-13 14:07:15 0 d-------- C:\Program Files\microsoft frontpage
2008-05-13 14:06:45 0 -rahs---- C:\MSDOS.SYS
2008-05-13 14:06:45 0 -rahs---- C:\IO.SYS
2008-05-13 14:06:45 0 --a------ C:\CONFIG.SYS
2008-05-13 14:06:45 0 --a------ C:\AUTOEXEC.BAT
2008-05-13 14:05:10 0 d-------- C:\Program Files\Online Services
2008-05-13 14:04:02 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-13 14:02:59 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-13 14:02:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-13 14:02:37 0 d-------- C:\Program Files\MSN Gaming Zone

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13F20E4F-F379-41EA-8F80-CCAAE787362A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C811310E-7D3B-4D70-B8E3-942DEC097E38}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee3d8f97-fec5-4ee6-863b-4fefa4d2b1ba}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [20/03/2006 16:26]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [05/12/2007 01:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [17/06/2008 21:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:03]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlLCrs]
vtUlLCrs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayaYqQk
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b8c845b5]
rundll32.exe "C:\WINDOWS\system32\tvdrcqjq.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMbbfb7629]
Rundll32.exe "C:\WINDOWS\system32\fywkenut.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


-- End of Deckard's System Scanner: finished at 2008-06-20 01:06:18 ------------

Recep
22 June 2008, 20:30
Hello Antje,

1. There are still some remnants of Norton on your system. Remove these remnants in this (http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/172d11361b05da508525695b005ca287/9163ea0b7308d62d80256fe000519e78?OpenDocument) way.

2. Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\kQqYayay.ini2
C:\WINDOWS\system32\qlusfoqq.dll
C:\WINDOWS\system32\fywkenut.dll
C:\WINDOWS\system32\tvdrcqjq.dll) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
>>log.txt (
ECHO.
ECHO Deleting folders)
FOR %%I in (
"C:\WINDOWS\system32\netrax01") DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
START NOTEPAD.EXE log.txt

Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: del.bat
Under "Save as type" select: All Files (*.*).
Click the Save button.
Double-click del.bat and keep the logfile that opens for later.

3. Open a new Notepad file.
Copy the code below into the Notepad file.


REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b8c845b5]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMbbfb7629]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13F20E4F-F379-41EA-8F80-CCAAE787362A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C811310E-7D3B-4D70-B8E3-942DEC097E38}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee3d8f97-fec5-4ee6-863b-4fefa4d2b1ba}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUlLCrs]

Go to File -> Save As...
-- Under Save in choose: Desktop
-- Under File name enter: Fix.reg
-- Under Save as type select: All Files (*.*)

Double-click Fix.reg on your desktop and allow the changes to be added to the registry.
Then delete Fix.reg from your desktop.

Restart your PC and post a new HijackThis log together with the log.txt that is on your desktop.

Good luck,
Recep :D

Antjetaz
22 June 2008, 22:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:11, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C811310E-7D3B-4D70-B8E3-942DEC097E38} - (no file)
O2 - BHO: {ab1b2d4a-fef4-b368-6ee4-5cef79f8d3ee} - {ee3d8f97-fec5-4ee6-863b-4fefa4d2b1ba} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210830269047
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1211111605_ff937e48c7c8b596b8fd7c5fc5531c62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6949 bytes



log.txt

Deleting files
C:\WINDOWS\system32\kQqYayay.ini2 deleted
C:\WINDOWS\system32\qlusfoqq.dll deleted
C:\WINDOWS\system32\fywkenut.dll not found
C:\WINDOWS\system32\tvdrcqjq.dll not found
Deleting folders
"C:\WINDOWS\system32\netrax01" deleted

Recep
24 June 2008, 14:48
Hello Antje,

1. Start HijackThis and click "Do a system scan only".
Put a check mark in front of the following lines (if present!):

O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: (no name) - {C811310E-7D3B-4D70-B8E3-942DEC097E38} - (no file)
O2 - BHO: {ab1b2d4a-fef4-b368-6ee4-5cef79f8d3ee} - {ee3d8f97-fec5-4ee6-863b-4fefa4d2b1ba} - (no file)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)

Now close all other windows and click Fix checked. Close HijackThis.

2. Your Java software is out of date.
Older versions have security holes that give malware the chance to install itself on your system.
First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6u6 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button on the right.
Tick "Accept License Agreement".
The page will reload.
Click the link to download the Windows Offline Installation, Multi-language, and save it to your Desktop.
Close all programs that may be open - especially your web browser!
Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
Then click Remove or the Change/Remove button.
Repeat this until all older versions are gone.
After removing all older versions, restart your pc.
Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.
Restart your PC. After that, post a new log with Deckard's System Scanner.

Good luck,
Recep :D
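As an added example (not Recep's code and not a tool from this thread): a small Python triage pass over HijackThis lines that flags the entry types fixed in the two posts above (orphaned O2 BHOs, O15 Trusted Zone additions, rundll32/Winlogon entries loading random 8-letter DLLs from system32), plus a decoder for the hex(7) value that Fix.reg writes, to confirm it leaves only msv1_0 as the LSA authentication package. The sample lines are constructed from this thread's logs; the vtullcrs.dll path is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample HijackThis lines of the kinds handled in this thread:
# an orphaned BHO, a rundll32 Run entry loading a random 8-letter DLL from
# system32, two rogue-AV Trusted Zone entries and a Winlogon Notify hook.
# The vtullcrs.dll path is an assumption; the other values come from the logs.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [b8c845b5] rundll32.exe "C:\WINDOWS\system32\tvdrcqjq.dll",b
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - Winlogon Notify: vtUlLCrs - C:\WINDOWS\system32\vtullcrs.dll
""".strip()

# "Oxx - rest of line" / "Rx - rest of line"; process list and headers skip.
HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# A DLL in system32 whose name is exactly eight letters and nothing else:
# the naming pattern of the droppers in this thread (tvdrcqjq, fywkenut, ...).
# A heuristic for human review, not proof of infection.
RANDOM_DLL = re.compile(r"\\system32\\([a-z]{8})\.dll\b", re.I)


@dataclass
class Finding:
    action: str    # "fix" (safe to tick in HijackThis) or "review"
    section: str   # HijackThis section, e.g. "O2", "O15"
    line: str
    reason: str


def triage_hjt(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and flag the entry types the helper fixed here."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding("fix", section, line,
                "orphaned BHO: CLSID still registered but its DLL is gone"))
        elif section == "O15":
            findings.append(Finding("fix", section, line,
                "Trusted Zone entry: IE runs this site with lowered security"))
        elif section in ("O4", "O20"):
            dll = RANDOM_DLL.search(body)
            if dll:
                findings.append(Finding("review", section, line,
                    f"{dll.group(1)}.dll: 8-letter random-looking DLL in system32"))
    return findings


def decode_reg_multi_sz(hex_value: str) -> list[str]:
    """Decode a REGEDIT4 hex(7) (REG_MULTI_SZ) value into its list of strings.

    REGEDIT4 files store hex(7) as single-byte ANSI characters; the entries
    are NUL-separated and the list ends with an extra NUL (the trailing 00,00).
    """
    raw = bytes(int(b, 16) for b in hex_value.split(","))
    return [s for s in raw.decode("latin-1").split("\x00") if s]


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.action:6}] {f.section:4} {f.reason}")
    # The value Fix.reg writes: only Microsoft's msv1_0 package remains.
    print(decode_reg_multi_sz("6d,73,76,31,5f,30,00,00"))
```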

Antjetaz
24 June 2008, 18:04
Deckard's System Scanner v20071014.68
Run by Anja on 2008-06-24 17:55:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Anja.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:00, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Mijn documenten\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anja.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210830269047
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5463 bytes
-- Files created between 2008-05-24 and 2008-06-24 -----------------------------
2008-06-24 17:27:45 0 d-------- C:\Program Files\Java
2008-06-24 17:27:42 0 d-------- C:\Program Files\Common Files\Java
2008-06-22 23:26:45 0 dr-h----- C:\Documents and Settings\Anja\Onlangs geopend
2008-06-20 00:40:41 0 d-------- C:\Documents and Settings\Anja\Application Data\Malwarebytes
2008-06-20 00:40:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 00:40:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 00:38:36 0 d-------- C:\Program Files\Trend Micro
2008-06-17 21:32:42 0 d-------- C:\Program Files\SpywareBlaster
2008-06-17 21:27:52 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-17 21:27:31 0 d-------- C:\Program Files\AVG
2008-06-17 20:54:34 0 d-------- C:\WINDOWS\pss
2008-06-17 20:30:33 11108384 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-17 20:27:08 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-17 20:26:30 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-17 20:26:14 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-06-17 20:25:00 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-17 20:23:57 0 d-------- C:\WINDOWS\Internet Logs
2008-06-17 20:11:49 0 d-------- C:\Program Files\CCleaner
2008-06-17 19:20:45 0 d-------- C:\Program Files\Lavasoft
2008-06-17 19:20:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 19:18:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 18:40:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-17 00:17:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-17 00:00:36 0 d-------- C:\Documents and Settings\Anja\Application Data\Help
2008-06-16 19:00:10 0 d--h----- C:\$AVG8.VAULT$
2008-06-16 01:52:33 0 d-------- C:\Program Files\Panda Security
2008-06-12 21:19:18 3407872 --a------ C:\Documents and Settings\Anja\ntuser.dat
2008-06-12 21:15:37 0 d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-06-12 17:45:39 0 d-------- C:\Temp
2008-06-05 19:07:50 0 d-------- C:\Documents and Settings\Anja\Application Data\MobileAction
2008-06-05 18:28:20 53586 -ra------ C:\WINDOWS\system32\drivers\ma8630u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:28:20 25428 -ra------ C:\WINDOWS\system32\drivers\ma8630m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:28:20 23248 -ra------ C:\WINDOWS\system32\drivers\ma8630c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:26:17 25302 -ra------ C:\WINDOWS\system32\drivers\MaVctrl.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:26:17 11986 -ra------ C:\WINDOWS\system32\drivers\MaVc2K.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:26:17 49484 -ra------ C:\WINDOWS\system32\drivers\MARDPNP.SYS <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:26:17 49867 -ra------ C:\WINDOWS\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
2008-06-05 18:25:44 0 d-------- C:\WINDOWS\Application Data
2008-05-30 00:04:25 0 d-------- C:\Documents and Settings\Anja\Application Data\SecondLife

-- Find3M Report ---------------------------------------------------------------
2008-06-24 17:27:42 0 d-------- C:\Program Files\Common Files
2008-06-19 17:55:18 0 d-------- C:\Documents and Settings\Anja\Application Data\LimeWire
2008-06-17 22:07:39 0 d-------- C:\Program Files\Google
2008-06-17 18:41:49 364644 --a------ C:\WINDOWS\system32\perfh013.dat
2008-06-17 18:41:49 53652 --a------ C:\WINDOWS\system32\perfc013.dat
2008-06-16 20:30:40 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-31 14:10:44 0 d-------- C:\Program Files\MSN Messenger
2008-05-18 14:50:12 0 d-------- C:\Documents and Settings\Anja\Application Data\Google
2008-05-18 14:04:55 0 d-------- C:\Documents and Settings\Anja\Application Data\Sun
2008-05-18 13:57:18 0 d-------- C:\Program Files\LimeWire
2008-05-15 18:15:21 0 d-------- C:\Documents and Settings\Anja\Application Data\AdobeUM
2008-05-15 18:11:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-13 22:57:52 0 d-------- C:\Documents and Settings\Anja\Application Data\Adobe
2008-05-13 21:06:21 0 d-------- C:\Program Files\Messenger
2008-05-13 21:05:58 0 d-------- C:\Program Files\Movie Maker
2008-05-13 21:02:56 0 d-------- C:\Program Files\Windows NT
2008-05-13 20:36:39 0 d-------- C:\Program Files\Ahead
2008-05-13 20:36:37 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 15:53:22 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-13 15:53:19 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-13 15:52:56 62 --ahs---- C:\Documents and Settings\Anja\Application Data\desktop.ini
2008-05-13 15:39:34 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-13 15:36:10 0 d-------- C:\Documents and Settings\Anja\Application Data\Macromedia
2008-05-13 15:27:44 0 d-------- C:\Program Files\VIAudioi
2008-05-13 15:24:45 0 d-------- C:\Program Files\InstallShield Installation Information
2008-05-13 15:23:58 0 d-------- C:\Program Files\VIA
2008-05-13 15:19:05 0 d-------- C:\Documents and Settings\Anja\Application Data\Identities
2008-05-13 14:07:15 0 d-------- C:\Program Files\microsoft frontpage
2008-05-13 14:06:45 0 -rahs---- C:\MSDOS.SYS
2008-05-13 14:06:45 0 -rahs---- C:\IO.SYS
2008-05-13 14:06:45 0 --a------ C:\CONFIG.SYS
2008-05-13 14:06:45 0 --a------ C:\AUTOEXEC.BAT
2008-05-13 14:05:10 0 d-------- C:\Program Files\Online Services
2008-05-13 14:04:02 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-13 14:02:59 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-13 14:02:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-13 14:02:37 0 d-------- C:\Program Files\MSN Gaming Zone

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [20/03/2006 16:26]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [05/12/2007 01:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [17/06/2008 21:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:03]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


-- End of Deckard's System Scanner: finished at 2008-06-24 17:56:59 ------------

Recep
26 June 2008, 21:10
Hello,

Your log is clean. If you still experience problems, please let me know. If not, you may remove all the tools that were used.

To prevent reinfection via System Restore, it is advisable to remove the existing restore points by temporarily disabling System Restore.


- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Put a check mark in front of "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the pc.
- Go again to Start/All Programs/Accessories/System Tools/System Restore.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the check mark in front of "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the pc.
- A new, clean restore point has now been created.

To prevent reinfection, you can read through these security tips (http://www.jawwi.nl/tips/beveiligen.html).

Have fun on the net,
Recep :D