Ik krijg de volgende melding op m'n blauw geworden bureaublad:
Warning! Spyware threat has been detected on your PC.
Your computer has several fatal errors due to spyware activity.
It's strongly recommend to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats.
Click here to scan your PC for spyware...
Na wat andere fora doorgelezen te hebben, ben ik er eindelijk achter dat er een hijackthis logje nodig is om het probleem op te lossen. Dus bij deze:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:35, on 11-7-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
CWINDOWS\System32\smss.exe
CWINDOWS\system32\csrss.exe
CWINDOWS\system32\winlogon.exe
CWINDOWS\system32\services.exe
CWINDOWS\system32\lsass.exe
CWINDOWS\system32\svchost.exe
CWINDOWS\system32\svchost.exe
CWINDOWS\System32\svchost.exe
CWINDOWS\system32\svchost.exe
CWINDOWS\system32\uoyzsydz.exe
CWINDOWS\system32\svchost.exe
CWINDOWS\Explorer.EXE
CWINDOWS\system32\spoolsv.exe
CWINDOWS\system32\hkcmd.exe
CWINDOWS\system32\igfxpers.exe
CProgram Files\Synaptics\SynTP\SynTPEnh.exe
CProgram Files\Java\jre1.6.0_03\bin\jusched.exe
CWINDOWS\system32\iprntctl.exe
CWINDOWS\system32\iprntlgn.exe
CWINDOWS\system32\rundll32.exe
CDocuments and Settings\Eigenaar\winlogon.exe
CWINDOWS\mrofinu1188.exe
CWINDOWS\system32\rrwnw64s.exe
CWINDOWS\system32\rundll32.exe
CWINDOWS\system32\Rundll32.exe
CProgram Files\MSN Messenger\MsnMsgr.Exe
CProgram Files\Save\Save.exe
CWINDOWS\system32\svchost.exe
CWINDOWS\RWlnZW5hYXI\command.exe
CWINDOWS\444.470
CProgram Files\Network Monitor\netmon.exe
CWINDOWS\system32\slserv.exe
CWINDOWS\system32\wdfmgr.exe
CWINDOWS\system32\wscntfy.exe
CWINDOWS\System32\alg.exe
CWINDOWS\system32\kcntrtdm.exe
CProgram Files\Internet Explorer\iexplore.exe
CProgram Files\Internet Explorer\iexplore.exe
CProgram Files\HijackThis.exe
CWINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.paradigit.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=CWINDOWS\system32\userinit.exe,CWINDOWS\system32\uoyzsydz.exe,
O4 - HKLM\..\Run: [IgfxTray] CWINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] CWINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] CWINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] CProgram Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] CProgram Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "CProgram Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] CWINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iPrint Tray] CWINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] CWINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [DJ Console Mk2] CProgram Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [lphce1pj0e3bt] CWINDOWS\system32\lphce1pj0e3bt.exe
O4 - HKLM\..\Run: [SMrhca1pj0e3bt] CProgram Files\rhca1pj0e3bt\rhca1pj0e3bt.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] CDocuments and Settings\Eigenaar\winlogon.exe
O4 - HKLM\..\Run: [runner1] CWINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [{13-30-00-06-DW}] CWINDOWS\system32\rrwnw64s.exe DWram02
O4 - HKLM\..\Run: [ExploreUpdSched] CWINDOWS\system32\kcntrtdm.exe DWram02
O4 - HKLM\..\Run: [38b130a9] rundll32.exe "CWINDOWS\system32\ljariurw.dll",b
O4 - HKLM\..\Run: [SMshc91pj0e3bt] CProgram Files\shc91pj0e3bt\shc91pj0e3bt.exe
O4 - HKLM\..\Run: [BM3b820335] Rundll32.exe "CWINDOWS\system32\cbcgetse.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "CProgram Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "CProgram Files\Save\Save.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] CWINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] CWINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] CWINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] CWINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CaptureWiz.lnk = Czzzzz\Pro\CaptureWiz.exe
O4 - Startup: Deewoo.lnk = CWINDOWS\system32\kcntrtdm.exe
O4 - Startup: DW_Start.lnk = CWINDOWS\system32\rrwnw64s.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = CProgram Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://CPROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CPROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
O23 - Service: Command Service (cmdService) - Unknown owner - CWINDOWS\RWlnZW5hYXI\command.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - CWINDOWS\444.470.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - CProgram Files\Network Monitor\netmon.exe
O23 - Service: SmartLinkService (SLService) - - CWINDOWS\SYSTEM32\slserv.exe
--
End of file - 5239 bytes
Maar hoe nu verder?
Alvast heel erg bedankt!!
