Ga naar inhoud

[OPGELOST] taakbalk sluit af+zeer traag

Gast wietstock

Door Gast wietstock
in Archief Bestrijding malware & virussen

 Delen

Aanbevolen berichten

kape Grootmeester

kape

Geplaatst:
Geplaatst:

OK, eerst die One Step. Als je hem via Software niet kan verwijderen, doe je dit via Windows Verkenner door volgende vetgedrukte map te deleten : C:\Program Files\OneStepSearch

Indien dit niet onmiddellijk lukt kan het zijn dat je de service OneStep Search Service eerst moet uitschakelen.

Via HJT mag je dan ook volgende lijn fixen :

O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

En wat die keylogger betreft :Blazing Tools Keylogger registreert niet alleen je keystrokes, maar kan ze ook verzenden en is dus een veiligheidsrisico. Als je deze bewust gebruikt, mag je hem dus schrappen in het lijstje van te fixen items. Maar persoonlijk ben ik daar absoluut geen voorstander van ... maar het is uiteraard jouw PC.

Link naar reactie
Delen op andere sites
  • Reacties 56
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

windowsmark Vaste Klant

windowsmark

Geplaatst:
Geplaatst:

Ik heb alles gedaan.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:36:25, on 24-1-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

c:\Program Files\Norton Internet Security\ISSVC.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\AGRSMMSG.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\HP\KBD\KBD.EXE

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Wyzo\wyzo.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [Malware Scanner] C:\Program Files\MalwareRemover.com\Malware Scanner\MalScr.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

WhenUSave zit nog op je PC. Kan je die verwijderen via Configuratiescherm -> Software ? Anders via Verkenner : C:\Program Files\Save

Start Hijackthis nog eens op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Download: RVAXO.exe

  • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
  • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
    Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
  • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
    Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
  • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.

Post tenslotte het log-bestandje van RVAXO en een nieuw HJT-log.

Die keylogger heb je laten staan, heb ik opgemerkt. Geen probleem. En wat die ccApp betreft : dat is je real time protector van Norton Antivirus. Hoe zit het inmiddels met de snelheid van je PC, want er is toch al één en ander verwijderd ?

Link naar reactie
Delen op andere sites
windowsmark Vaste Klant

windowsmark

Geplaatst:
Geplaatst:

Ik ga het nu allemaal doen, betreft de snelheid van mijn PC. het opstarten gaat alleen nog erg traag.

Ik heb zo'n FBI bootscreen kan je me vertellen hoe ik die er af kan halen.

En ook krijg ik bij het op starten deze error:

Runner Error

Runner file name (LogitechDesktopMessenger.exe) lacks a '-' (the app id seperator)

Link naar reactie
Delen op andere sites
windowsmark Vaste Klant

windowsmark

Geplaatst:
Geplaatst:

---RVAXO.exe Updated: 2008-01-24---first run---

Files found:

C:\WINDOWS\system32\adssite_sidebar_uninstall.exe

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\adssite_sidebar.dll

C:\WINDOWS\system32\winver.exe

C:\WINDOWS\b.exe

Uninstallers Rogue scanners:

OneStepSearch uninstaller found

Folders Found:

C:\Documents and Settings\Compaq_Eigenaar\Application Data\ShoppingReport

C:\Program Files\OneStepSearch

C:\Program Files\Common Files\{C0790CB5-0C81-1043-0429-05012605001f}

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

C:\WINDOWS\system32\winver.exe

Folders Found:

--------------RVAXO.exe finished----------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:25:01, on 24-1-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

c:\Program Files\Norton Internet Security\ISSVC.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\AGRSMMSG.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Wyzo\wyzo.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\rundll32.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [c0790c1a] rundll32.exe "C:\WINDOWS\system32\unahsnvk.dll",b

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--

End of file - 7162 bytes

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

RVAXO heeft zijn werk goed gedaan. Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd

Daarmee verwijder je alles van RVAXO.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O4 - HKLM\..\Run: [c0790c1a] rundll32.exe "C:\WINDOWS\system32\unahsnvk.dll",b

Klik op 'Fix checked' om de items te verwijderen.

Download Combofix.exe en zet het op je Bureaublad.

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan

Je hebt ook een massa programma's die onnodig mee opstarten. Download Codestuff Starter.

Start Codestuff Starter op. Selecteer het tabblad Automatisch OPstarten en vink volgende items uit.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" –atboottime

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Wat dat FBI-bootscreen betreft (ken ik eigenlijk zelf niet zo goed), heb ik deze oplossing gevonden : kijk in Configuratiescherm > Systeem > tabblad Geavanceerd > Opstart en herstelinstellingen. Klik daar op instellingen en bij "Lijst met besturingssystemen x seconden weergeven" het vinkje weghalen. Probeer dat alvast eens uit.

De fout Runner Error

Runner file name (LogitechDesktopMessenger.exe) lacks a '-' (the app id seperator) verschijnt normaal als bij het opstarten gezocht wordt naar deze file, maar dat je die niet meer op je PC hebt omdat de software verwijderd is. Zoek eens of dat bestand LogitechDesktopMessenger.exe nog ergens te vinden is ?

Post daarna het log van Combofix en een nieuw log van HJT aub ?

Link naar reactie
Delen op andere sites
windowsmark Vaste Klant

windowsmark

Geplaatst:
Geplaatst:

ComboFix 08-01-23.1B - Compaq_Eigenaar 2008-01-24 23:21:41.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.585 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\LocalService\Application Data\NetMon

C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt

C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt

C:\Program Files\Common Files\{00000~1

C:\Program Files\Common Files\{00000~1\-0429-050126050000}\Update.exe

C:\Program Files\Common Files\{C0790~1

C:\Program Files\Common Files\cloader

C:\Program Files\Common Files\cloader\32vegas\logos\32vegas_Logo.ico

C:\Program Files\Common Files\cloader\32vegas\logos\cloader_idrpr.exe

C:\Program Files\Common Files\cloader\32vegas\logos\Interop.IWshRuntimeLibrary.dll

C:\Program Files\Common Files\misc002

C:\Program Files\Common Files\misc002\DXC.exe

C:\Program Files\deskbar

C:\Program Files\deskbar\about.html

C:\Program Files\deskbar\basis.xml

C:\Program Files\deskbar\deskbar.crc

C:\Program Files\deskbar\deskbar.inf

C:\Program Files\deskbar\icons.bmp

C:\Program Files\deskbar\inst.bat

C:\Program Files\deskbar\mbback.bmp

C:\Program Files\deskbar\mbbigopen.bmp

C:\Program Files\deskbar\mbclose.bmp

C:\Program Files\deskbar\mbfwd.bmp

C:\Program Files\deskbar\mblogo.bmp

C:\Program Files\deskbar\mbsep.bmp

C:\Program Files\deskbar\options.html

C:\Program Files\deskbar\softomate.gif

C:\Program Files\deskbar\Thumbs.db

C:\Program Files\deskbar\version.txt

C:\Program Files\newdotnet

C:\Program Files\newdotnet\nncore.dll

C:\Program Files\newdotnet\nnrun.exe

C:\Program Files\newdotnet\readme.html

C:\Program Files\newdotnet\uninstall.exe

C:\Program Files\newdotnet\uninstall6_38-1.exe

C:\Program Files\newdotnet\uninstall7_48.exe

C:\Program Files\outerinfo

C:\Program Files\outerinfo\OinFP.exe~

C:\Program Files\outerinfo\OiUninstaller.exe

C:\Program Files\outerinfo\outerinfo.ico

C:\Program Files\spoolsv.exe

C:\Program Files\surfsidekick 3

C:\Program Files\surfsidekick 3\Ssk.exe

C:\Program Files\surfsidekick 3\SskBho.dll

C:\Program Files\surfsidekick 3\SskCore.dll

C:\Program Files\thesearchaccelerator

C:\Program Files\thesearchaccelerator\INSTALL.LOG

C:\Program Files\thesearchaccelerator\IUCmore.dll

C:\Program Files\thesearchaccelerator\logo.ico

C:\Program Files\thesearchaccelerator\TBlogin.users.ucmore.com.4.5.40.0

C:\Program Files\thesearchaccelerator\Thumbs.db

C:\Program Files\thesearchaccelerator\toolbar.cfg

C:\Program Files\thesearchaccelerator\UCMTSAIE.dll

C:\Program Files\thesearchaccelerator\UNWISE.EXE

C:\Program Files\webhancer

C:\Program Files\webhancer\Programs\license.txt

C:\Program Files\webhancer\Programs\readme.txt

C:\Program Files\webhancer\Programs\sporder.dll

C:\Program Files\webhancer\Programs\webhdll.dll

C:\Program Files\webhancer\Programs\whagent.exe

C:\Program Files\webhancer\Programs\whagent.ini

C:\Program Files\webhancer\Programs\whinstaller.exe

C:\Program Files\webhancer\whAgent_update.exe

C:\WINDOWS\avp.exe

C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe

C:\WINDOWS\keyboard1.dat

C:\WINDOWS\mgrs.exe

C:\WINDOWS\NDNuninstall6_38-1.exe

C:\WINDOWS\NDNuninstall6_38.exe

C:\WINDOWS\NDNuninstall7_48.exe

C:\WINDOWS\newname.dat

C:\WINDOWS\system32\atqwayro.dll

C:\WINDOWS\system32\ctl3dv.1

C:\WINDOWS\system32\drvnepr.dll

C:\WINDOWS\system32\kvnshanu.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nqstv.ini

C:\WINDOWS\system32\nqstv.ini2

C:\WINDOWS\system32\nssE.dll

C:\WINDOWS\system32\rk.bin

C:\WINDOWS\system32\rlls.dll

C:\WINDOWS\system32\rqronom.dll

C:\WINDOWS\system32\unahsnvk.dll

C:\WINDOWS\system32\vtsqn(2).dll

C:\WINDOWS\system32\vtsqn.dll

C:\WINDOWS\system32\winhab32.dll

C:\WINDOWS\system32\yayayww.dll

C:\WINDOWS\uninstall_nmon.vbs

C:\WINDOWS\winlog.exe

C:\WINDOWS\system32\ctl3dv.dll . . . . konden niet verwijderd worden

.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-24 to 2008-01-24 ))))))))))))))))))))))))))))))

.

2008-01-24 23:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-24 21:05 . 2008-01-24 21:06 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-01-24 21:05 . 2008-01-24 21:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-01-24 19:35 . 2008-01-24 19:35 103,936 --a------ C:\WINDOWS\system32\drvnep.dll

2008-01-24 19:35 . 2008-01-24 19:35 3,584 --a------ C:\asswegsh.exe

2008-01-24 19:13 . 2008-01-24 19:36 <DIR> d-------- C:\RVAXO

2008-01-24 19:07 . 2008-01-24 19:12 626,383 --a------ C:\WINDOWS\system32\RVAXO.bat

2008-01-24 19:07 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe

2008-01-24 14:56 . 2008-01-24 14:56 <DIR> d-------- C:\Program Files\iPod

2008-01-24 14:46 . 2008-01-24 20:09 <DIR> d-------- C:\Program Files\Wyzo

2008-01-21 17:00 . 2008-01-24 23:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-21 17:00 . 2008-01-24 14:57 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-21 16:56 . 2008-01-21 16:56 <DIR> d-------- C:\Program Files\DAEMON Tools

2008-01-21 16:54 . 2008-01-21 16:54 <DIR> d-------- C:\Program Files\SymNetDrv

2008-01-21 16:49 . 2008-01-21 16:49 <DIR> d-------- C:\Compaq_Eigenaar

2008-01-18 13:37 . 2008-01-21 16:49 <DIR> d-------- C:\Program Files\Activision(3)

2008-01-16 23:37 . 2008-01-16 23:37 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-01-15 18:48 . 2008-01-16 18:03 <DIR> d-------- C:\WINDOWS\system32\nl-nl

2008-01-13 18:34 . 2008-01-13 18:34 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-10 20:11 . 2008-01-21 16:53 <DIR> d-------- C:\Program Files\Activision

2008-01-10 14:27 . 2008-01-21 21:27 <DIR> d-------- C:\Program Files\Xfire

2007-12-27 22:46 . 2008-01-18 13:37 <DIR> d-------- C:\Program Files\ES - Eather Server Vista Client V2.0

2007-12-27 19:52 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-27 19:52 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys

2007-12-27 19:51 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-12-27 19:51 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

2007-12-24 15:51 . 2007-12-24 15:51 <DIR> d-------- C:\Programs

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-24 21:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-24 20:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-24 17:59 --------- d-----w C:\Program Files\AVPersonal

2008-01-24 13:34 --------- d-----w C:\Program Files\Java

2008-01-23 15:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-23 15:49 --------- d-----w C:\Program Files\Full Tilt Poker

2008-01-21 15:56 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-01-21 15:54 --------- d-----w C:\Program Files\Symantec

2008-01-21 15:53 --------- d-----w C:\Program Files\Hitman Pro

2008-01-21 15:50 --------- d-----w C:\Program Files\MSN Messenger

2008-01-21 15:48 --------- d-----w C:\Program Files\KalOnlineEng

2008-01-10 18:42 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys

2008-01-10 18:42 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys

2007-12-28 09:49 --------- d-----w C:\Program Files\Guild Wars

2007-12-22 11:01 --------- d-----w C:\Program Files\iTunes

2007-12-22 10:59 --------- d-----w C:\Program Files\QuickTime

2007-12-22 10:57 --------- d-----w C:\Program Files\Apple Software Update

2007-12-06 19:06 19,456 ----a-w C:\WINDOWS\system32\drivers\kpihvhgk.dat

2007-11-28 16:26 --------- d-----w C:\Program Files\e-texaspoker client

2005-07-29 14:24 472 -csha-r C:\WINDOWS\TWFyayBOb3JicnVpcw\nqIVuV1ivaL2wBpDwT.vbs

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}]

C:\WINDOWS\system32\bpkwb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ACED46D-F203-443D-BD06-1622E7FCF7D5}]

2004-08-04 13:00 103680 --a------ C:\WINDOWS\system32\ctl3dv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [ ]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34 6729728]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 20:13 98304]

"bpk"="C:\WINDOWS\system32\bpk.exe" [ ]

"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 01:29 33936]

"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22 58984]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 23:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 90112 C:\WINDOWS\SOUNDMAN.EXE]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-13 12:51 100056]

"RAMDrive"="C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" [ ]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 21:32 2754560 C:\WINDOWS\ALCWZRD.EXE]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]

"nwiz"="nwiz.exe" [2005-05-12 00:34 1519616 C:\WINDOWS\system32\nwiz.exe]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

C:\Documents and Settings\Compaq_Eigenaar\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-16 23:37:12 2872144]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-10 19:01:25 67128]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

R0 xsqynnyk;xsqynnyk;C:\WINDOWS\system32\drivers\kpihvhgk.dat []

R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-10-13 16:32]

S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]

S3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 19:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71bc2f1c-8726-11dc-ade9-0013d42048e4}]

\Shell\AutoRun\command - O:\LaunchU3.exe -a

.

Inhoud van de 'Gedeelde Taken' map

"2007-12-22 10:57:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-01-18 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

"2005-01-02 00:12:46 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-24 23:35:27

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-01-24 23:39:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-24 22:39:18

.

2008-01-22 02:29:34 --- E O F ---

Link naar reactie
Delen op andere sites
windowsmark Vaste Klant

windowsmark

Geplaatst:
Geplaatst:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44:50, on 24-1-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

c:\Program Files\Norton Internet Security\ISSVC.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\AGRSMMSG.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Wyzo\wyzo.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Documents and Settings\Compaq_Eigenaar\Mijn documenten\PC leeg maken\ATF-Cleaner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\system32\bpkwb.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7ACED46D-F203-443D-BD06-1622E7FCF7D5} - C:\WINDOWS\system32\ctl3dv.dll

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--

End of file - 5881 bytes

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.