Anoniem2 Posted: 26 January 2008

Hello dear people, I hope you can help me. Since this morning I have been getting the message "DE BEWERKING IS GEANNULEERD VANWEGE OP UW SYSTEEM GELDENDE BEPERKINGEN, NEEM CONTACT MET DE SYSTEEM BEHEERDER OP" (in English: "The operation has been cancelled due to restrictions in effect on your system, contact the system administrator"), which would be me. When I try to get into the Control Panel, or even right-click on the desktop, I get this message.
I downloaded HijackThis and this is its report:

Logfile of HijackThis v1.99.1
Scan saved at 15:02:59, on 26-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\RaboCommSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Norman\Npm\bin\ZLH.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\PVSW\Bin\W3DBSMGR.EXE
C:\Program Files\Rabo\Support\RaboSessionMon.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\JANETTE\Local Settings\Temporary Internet Files\Content.IE5\4RLM1J4M\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O4 - Global Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe

Then I ran "SmitFraudFix" in safe mode: it found nothing.

HKLM\SYSTEM\CCS\Services\Tcpip\..\{144D3144-1CEB-4DD2-B333-AD03EB2ECA12}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{144D3144-1CEB-4DD2-B333-AD03EB2ECA12}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{144D3144-1CEB-4DD2-B333-AD03EB2ECA12}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

I am running Windows XP Professional.

Thanks in advance, and regards to all.

Anoniem2 (Author) Posted: 26 January 2008

So that is very obviously a virus. Run a thorough virus scan.
If that does not work, start the computer in safe mode (F5 before Windows starts), check whether it works normally, and create a new user. Otherwise you will just have to wipe the whole disk.

Anoniem2 (Author) Posted: 27 January 2008

:confused:

Misty.... Your topic apparently is not getting noticed right now (thanks to the many exclamation marks; you should remove those in any case). It is best to put your log in the dedicated thread. That is where the experts are, at any rate ;)

http://forum.computeridee.nl/showthread.php?t=38821

All HijackThis logs are collected in that thread, so here you can feel free to post your log in between someone else's question.