Pagina 1 van 2 12 LaatsteLaatste
Weergegeven resultaten: 1 t/m 10 van 14
  1. 18 September 2006, 18:47 #1
    kingtommyboy
    kingtommyboy is offline
    Gevorderd   kingtommyboy's schermafbeelding
    Geregistreerd
    6 June 2006
    Locatie
    antwerpen
    Berichten
    249
    Bedankjes
    10
    Bedankt
    37 keer in 24 posts

    Uitroep wil iemand dit nakijken?

    wel hier is men nieuwe hijackthis scan
    kijk dit plz na ik heb een trojan die nog steeds men firewall van windows blokt en dit lijkt me niet zo gezond

    Logfile of HijackThis v1.99.1
    Scan saved at 18:45:08, on 18/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Mozilla Firefox\Xinstall.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Thomas\Local Settings\Temp\wzddb0\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [explorer] C:\Program Files\Mozilla Firefox\Xinstall.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B66F1B77-F78B-445B-988F-7E7D8CC3B4DB}: NameServer = 195.238.2.21 195.238.2.22
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  2. 18 September 2006, 18:49 #2
    jurgenv
    jurgenv is offline
    Erelid   jurgenv's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    West-Vlaanderen
    Berichten
    5.852
    Bedankjes
    90
    Bedankt
    800 keer in 736 posts
    1. Download dit bestand: - combofix.exe
    2. Dubbelklik op combofix.exe en volg de instructies die je krijgt.
    3. Wanneer het tooltje klaar is zal het een rapport maken voor je, post die log hier met een nieuw hijackthis logje.

    Note:
    Niet klikken terwijl combofix bezig is, dat zou het tooltje doen vastlopen!

    Member of ASAP
  3. 18 September 2006, 19:04 #3
    kingtommyboy
    kingtommyboy is offline
    Gevorderd   kingtommyboy's schermafbeelding
    Geregistreerd
    6 June 2006
    Locatie
    antwerpen
    Berichten
    249
    Bedankjes
    10
    Bedankt
    37 keer in 24 posts
    oke de scan is gebeurd
    hier volgd de combofix log:



    Thomas - 06-09-18 18:57:18,75 Service Pack 2
    ComboFix 06.09.14 - Running from: C:\Documents and Settings\Thomas\Mijn documenten\thomas\combofix
    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Program Files\Common Files\{5051DF16-08A3-1043-0319-050920040020}

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-18 to 2006-09-18 ))))))))))))))))))))))))))))))))))

    2006-08-28 15:10 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

    2006-09-18 18:57 -------- d-------- C:\Program Files\Common Files
    2006-09-18 17:52 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-18 17:44 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-09-18 17:39 -------- d-------- C:\Program Files\Common Files\Services
    2006-09-18 16:22 -------- d-------- C:\Program Files\MSN Messenger
    2006-09-17 21:54 -------- d-------- C:\Documents and Settings\Thomas\Application Data\Xfire
    2006-09-17 20:46 -------- d---s---- C:\Program Files\Xfire
    2006-09-15 21:27 -------- d-------- C:\Program Files\VirtualDJ
    2006-09-15 19:17 -------- d-------- C:\Program Files\HammerHead
    2006-09-12 17:35 -------- d-------- C:\Program Files\Valve
    2006-09-06 16:43 -------- d-------- C:\Program Files\Yahoo!
    2006-09-06 16:42 -------- d-------- C:\Documents and Settings\Thomas\Application Data\AdobeUM
    2006-09-03 14:29 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-09-03 14:28 -------- d-------- C:\Program Files\HP
    2006-09-02 16:17 -------- d-------- C:\Program Files\SpeedFan
    2006-08-28 18:03 -------- d---s---- C:\Documents and Settings\Thomas\Application Data\Microsoft
    2006-08-27 17:17 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-08-23 10:34 -------- d-------- C:\Program Files\World of Warcraft
    2006-08-22 19:37 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory
    2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\nvunrm.exe
    2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\nvuaudio.exe
    2006-08-15 12:01 -------- d-------- C:\Program Files\CCleaner
    2006-08-15 11:58 -------- d-------- C:\Program Files\Java
    2006-08-12 06:54 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
    2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
    2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
    2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
    2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
    2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
    2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
    2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
    2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
    2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
    2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
    2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
    2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
    2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
    2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
    2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
    2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
    2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
    2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
    2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
    2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
    2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
    2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
    2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
    2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
    2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
    2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
    2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
    2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
    2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
    2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
    2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
    2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
    2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
    2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
    2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
    2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
    2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
    2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
    2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
    2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
    2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
    2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
    2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
    2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
    2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
    2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
    2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
    2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
    2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2006-08-08 18:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-08-05 17:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-08-05 17:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-08-05 17:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-08-05 17:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-08-05 08:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-20 17:15 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-07-20 17:15 -------- d-------- C:\Program Files\Sony
    2006-07-20 17:15 -------- d-------- C:\Program Files\Common Files\Sony Shared
    2006-07-20 16:22 -------- d-------- C:\Program Files\Windows Media Player
    2006-07-20 16:16 -------- d-------- C:\Program Files\Philips
    2006-06-22 07:17 69120 --a------ C:\WINDOWS\system32\ciodm.dll
    2006-06-22 07:17 1440768 --a------ C:\WINDOWS\system32\query.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.ex e"
    "Steam"="C:\\Program Files\\Valve\\Steam\\\\Steam.exe -silent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "Alaunch"="C:\\Windows\\alaunch.exe"
    "ATIPTA"=""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp. exe"
    "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
    "Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "snpstd"="C:\\WINDOWS\\vsnpstd.exe"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "explorer"="C:\\Program Files\\Mozilla Firefox\\Xinstall.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,38,01,00,00,00,00,00,00 ,c8,02,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00 ,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff ,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9 ,00,00,00,7c,00,00,00,72,00,\
    00,00,01,00,00,00
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EX E"
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EX E"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer\Run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    Completion time: Mon 18/09/2006 18:57:49.90
    ComboFix.txt




    voilla en dan nu nog de nieuwe hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:03:20, on 18/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Mozilla Firefox\Xinstall.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Thomas\Local Settings\Temp\wzfa4d\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [explorer] C:\Program Files\Mozilla Firefox\Xinstall.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B66F1B77-F78B-445B-988F-7E7D8CC3B4DB}: NameServer = 195.238.2.21 195.238.2.22
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    alstublieft ik hoop dat dit voldoende informatie is
    mveeeeeeeeeeeeeeeeeeeeeeeeeeeelg
    thomas
  4. 18 September 2006, 19:14 #4
    jurgenv
    jurgenv is offline
    Erelid   jurgenv's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    West-Vlaanderen
    Berichten
    5.852
    Bedankjes
    90
    Bedankt
    800 keer in 736 posts
    * Je Java software is verouderd. oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem. Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

    • Download de nieuwtse versie hier: Java Runtime Environment (JRE) 5.0 Update 8.
    • Scroll naar beneden tot waar er staat: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Klik dan rechts op de "Download" knop.
    • Vink get volgende aan waar er staat: "Accept License Agreement".
    • De pagina zal herladen.
    • Klik op de link om Windows Offline Installationte downloaden met zonder Meerdere-talen En bewaar het naar je bureaublad.
    • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
    • Ga dan naar Start > Configuratiescherm en dubbelklik op software en verwijder alle oudere versies van Java.
    • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
    • Klik dan op Verwijderen of Wijzig/Verwijder knop.
    • Herhaal dit tot alle oudere versies verdwenen zijn.
    • Na het verwijderen van alle oudere versies, herstart dan je pc.
    • Dubbelkik dan op jre-1_5_0_08-windowsi586-p.exe op je bureaublad om de nieuwste versie van Java te installeren.



    * Fix volgende regel in hijackthis:

    O4 - HKLM\..\Run: [explorer] C:\Program Files\Mozilla Firefox\Xinstall.exe

    * Post dan een nieuw hijackthis logje hier en vertel hoe alles verder werkt.

    Member of ASAP
  5. 18 September 2006, 19:22 #5
    kingtommyboy
    kingtommyboy is offline
    Gevorderd   kingtommyboy's schermafbeelding
    Geregistreerd
    6 June 2006
    Locatie
    antwerpen
    Berichten
    249
    Bedankjes
    10
    Bedankt
    37 keer in 24 posts
    oke ik ga dat nu doen zodadelijk krijg je het logje
  6. 18 September 2006, 19:40 #6
    kingtommyboy
    kingtommyboy is offline
    Gevorderd   kingtommyboy's schermafbeelding
    Geregistreerd
    6 June 2006
    Locatie
    antwerpen
    Berichten
    249
    Bedankjes
    10
    Bedankt
    37 keer in 24 posts
    voila ik heb alle sgedaan wat je zei, ik heb ook die regel aangevinkt en gefixd,
    verd werkt hier alles prima, ik kreeg enkel (en dat doet die trojan blijkbaar) toen ik de pc opstarte een melding dat er adware was gevonden in de pc maar nadat dit werd verplaatst naar de chest heb ik er niets meer van vernomen
    hier is de logfile




    Logfile of HijackThis v1.99.1
    Scan saved at 19:37:58, on 18/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Thomas\Local Settings\Temp\wze12b\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B66F1B77-F78B-445B-988F-7E7D8CC3B4DB}: NameServer = 195.238.2.21 195.238.2.22
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  7. 18 September 2006, 19:43 #7
    jurgenv
    jurgenv is offline
    Erelid   jurgenv's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    West-Vlaanderen
    Berichten
    5.852
    Bedankjes
    90
    Bedankt
    800 keer in 736 posts
    * Download Dr.Web CureIt naar je bureaublad:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Dubbelklik drweb-cureit.exe en sta het toe om de express scan te starten.
    • Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    • Eenmaal de korte scan is beeïndigd, Klik Options > Change Settings
    • Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
    • Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    • Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    • Klik daarna de groene pijl rechts om de scan te starten.
    • Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
    • Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd:
    • Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: Move incurable zoals je zal zien in volgende afbeelding:

      Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
    • Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik file en kies save report list. Bewaar de log op je bureaublad.
    • Sluit daarna Dr.Web Cureit.
    • Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
    • Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post met een nieuw hijackthis logje.

    Member of ASAP
  8. 18 September 2006, 20:59 #8
    kingtommyboy
    kingtommyboy is offline
    Gevorderd   kingtommyboy's schermafbeelding
    Geregistreerd
    6 June 2006
    Locatie
    antwerpen
    Berichten
    249
    Bedankjes
    10
    Bedankt
    37 keer in 24 posts
    goed hier ben ik weer: ik heb alles uitgevoerd, ik krijg dat bericht niet meer van dat er adware was gevonden dat is verdwenen (das al goed e) enkel is de pc vastgelopen bij het laadbalkje van windows toen ik opstarte. ik heb de pries uit moeten trekken en daarna ging het wel, hoewel ik toen wel een zwart scherm kreeg met witte letters met de boodschap dat er bepaalde hardware en software verwijdert zijn (verder heb ik het niet kunnen lezen want toen drukte men pa al op normaal opstarten (hij was kwaad omdat hij vond dat ik het niet opgelost kreeg en omdat hij er niets van begreep, maar enfin)


    hier is de dr.web log:

    <TABLE style="WIDTH: 240pt; BORDER-COLLAPSE: collapse" cellSpacing=0 cellPadding=0 width=320 border=0 x:str><COLGROUP><COL style="WIDTH: 48pt" span=5 width=64><TBODY><TR style="HEIGHT: 12.75pt" height=17><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; WIDTH: 48pt; BORDER-BOTTOM: #ece9d8; HEIGHT: 12.75pt; BACKGROUND-COLOR: transparent" width=64 height=17>loadadv642.exe</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; WIDTH: 48pt; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent" width=64>C:\Program Files\Mozilla Firefox</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; WIDTH: 144pt; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent; mso-ignore: colspan" width=192 colSpan=3>Trojan.DownLoader.9899</TD></TR><TR style="HEIGHT: 12.75pt" height=17><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; HEIGHT: 12.75pt; BACKGROUND-COLOR: transparent" height=17>A0046067.PIF</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">C:\System Volume Information\_restore{94FE7D59-CD15-44D2-BAEE-709F409A7FF7}\RP324</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">Trojan.DownLoader.12821</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">Deleted.</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent"></TD></TR><TR style="HEIGHT: 12.75pt" height=17><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; HEIGHT: 12.75pt; BACKGROUND-COLOR: transparent" height=17>A0046097.rbf</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">C:\System Volume Information\_restore{94FE7D59-CD15-44D2-BAEE-709F409A7FF7}\RP325</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">Trojan.DownLoader.12821</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">Deleted.</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent"></TD></TR><TR style="HEIGHT: 12.75pt" height=17><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; HEIGHT: 12.75pt; BACKGROUND-COLOR: transparent" height=17>A0046289.exe</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">C:\System Volume Information\_restore{94FE7D59-CD15-44D2-BAEE-709F409A7FF7}\RP326</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">Win32.HLLW.MyBot</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent">Deleted.</TD><TD style="BORDER-RIGHT: #ece9d8; BORDER-TOP: #ece9d8; BORDER-LEFT: #ece9d8; BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent"></TD></TR></TBODY></TABLE>


    en hier is de hijackthis life:


    Logfile of HijackThis v1.99.1
    Scan saved at 20:58:46, on 18/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Thomas\Local Settings\Temp\wz303d\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B66F1B77-F78B-445B-988F-7E7D8CC3B4DB}: NameServer = 195.238.2.21 195.238.2.22
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  9. 18 September 2006, 21:04 #9
    jurgenv
    jurgenv is offline
    Erelid   jurgenv's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    West-Vlaanderen
    Berichten
    5.852
    Bedankjes
    90
    Bedankt
    800 keer in 736 posts
    Ziet er goed uit nu.

    Member of ASAP
  10. 18 September 2006, 21:15 #10
    kingtommyboy
    kingtommyboy is offline
    Gevorderd   kingtommyboy's schermafbeelding
    Geregistreerd
    6 June 2006
    Locatie
    antwerpen
    Berichten
    249
    Bedankjes
    10
    Bedankt
    37 keer in 24 posts
    denk je ? ik kan nog steeds men windows firewall niet openen die is sinds die trojan geblokt en hij blijft blijkbaar geblokt als ik hem wil openen dan krijg ik het bericht:
    kan het venster door onbekende redenen niet openen'
    wat kan ik daar aan doen?
    voor de rest werkt alles prima
« Vorige discussie | Volgende discussie »

Discussie informatie

Users Browsing this Thread

Momenteel bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)

Soortgelijke discussies

  1. mijn logje, wil iemand het even nakijken?
    Door kingtommyboy in forum HijackThis
    Reacties: 2
    Laatste bericht: 28 June 2006, 17:44
  2. Wil iemand dit eens nakijken vor mij AUB.
    Door Clioke16V in forum HijackThis
    Reacties: 8
    Laatste bericht: 11 November 2005, 23:03
  3. Kan aub iemand dit eens nakijken
    Door amber in forum HijackThis
    Reacties: 1
    Laatste bericht: 6 September 2005, 14:52
  4. kan iemand dit eens nakijken aub
    Door scorpiocay in forum HijackThis
    Reacties: 7
    Laatste bericht: 22 July 2005, 00:50
  5. wil iemand dit even nakijken aub
    Door Dieter001 in forum HijackThis
    Reacties: 1
    Laatste bericht: 13 July 2005, 21:05

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •  

Forumregels