Question & Answer

Security & privacy

Hi, I hope someone can help me with this hijack log

19 answers
  • Logfile of HijackThis v1.99.1
    Scan saved at 16:04:50, on 20-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
    C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeilezmtuq.net/Yguq_h8YKIkO97Z5OQGmwgyVJfCwqY4sFOB/y/7xZebsAYbcyB0WvLP61PZsaJer.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25} - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
    O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe
    O4 - HKCU\..\Run: [Global Soft] C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
    O4 - HKCU\..\Run: [phone camp way idol] C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} - http://searchfind.info/bar/win32.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Advanced System Products, Inc. - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • What exactly are the problems? Do you have several virus scanners installed?
  • LOP infection. This is the result of installing MessengerPlus with sponsors. Solution: Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall Messenger Plus. (You can reinstall it later, but then choose an installation without sponsors.) During the uninstall process you are asked to enter a security code. Do so. Restart the computer. Make a HijackThis log and post it. Then also do this: Open a Notepad file. Copy the code below into this Notepad file. Go to File - Save As. Under "Save in" choose: Desktop. Under "File name" enter: vindjob.bat. Under "Save as type" select: All files (*.*). Click the Save button.

        rem list the hidden files in the Tasks folder and open the result in Notepad
        dir %Windir%\tasks /a:h > files.txt
        notepad files.txt

    Double-click vindjob.bat. A Notepad file opens. Post the contents of this Notepad file. Regards, smeenk :wink:
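As an added example (not part of the thread, and not HijackThis' or the helper's own tooling), a small Python triage script that applies the reasoning behind the diagnosis above to entries copied from the posted log: autoruns and BHOs launched from user-writable profile folders, a Search Bar pointing at an unfamiliar host, a nameless ActiveX download, service entries whose binary is missing, and, for the purpose of the vindjob.bat step, a check for Task Scheduler job names that consist only of hex digits. The KNOWN_HOSTS allowlist and the hex-name rule are assumptions.

```python
"""Triage helper for HijackThis-style log entries (added example, not a
HijackThis or forum tool). Sample lines are copied from the log posted in
this thread; the allowlist of known-good hosts is an assumption."""
import re
from urllib.parse import urlsplit

# Constructed sample: entries taken from the posted log, plus two benign
# ones (Google start page, Java updater) so the rules have something to skip.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeilezmtuq.net/Yguq_h8YKIkO97Z5OQGmwgyVJfCwqY4sFOB/y/7xZebsAYbcyB0WvLP61PZsaJer.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: (no name) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25} - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
O4 - HKCU\..\Run: [Global Soft] C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
O4 - HKCU\..\Run: [phone camp way idol] C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} - http://searchfind.info/bar/win32.cab
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Advanced System Products, Inc. - (no file)
""".strip()

# Assumption: hosts the machine's owner is known to use for start/search pages.
KNOWN_HOSTS = {"www.google.nl", "www.google.com"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Profile and Application Data folders are writable without admin rights,
# which is where the LOP-style entries in the posted log live.
USER_WRITABLE = re.compile(
    r"APPLIC~1|Application Data|DOCUME~1|Documents and Settings", re.I)
# HijackThis prints a named ActiveX control as "{GUID} (Name) - url";
# an entry with no "(Name)" part is worth a closer look.
NAMED_CONTROL = re.compile(r"\([^)]*\) - ")
# Heuristic for the vindjob.bat step: a Task Scheduler job whose name is
# nothing but hex digits (like AC6C3CD79187AF73.job in the StartupList).
HEX_JOB = re.compile(r"^[0-9A-F]{12,}\.job$", re.I)


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def triage_line(line):
    """Return [(severity, reason), ...] for one HijackThis entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    found = []
    if kind in ("R0", "R1"):
        value = body.partition(" = ")[2].strip()
        if value.startswith("http") and host_of(value) not in KNOWN_HOSTS:
            found.append(("high", f"{kind}: browser setting points at "
                                  f"unfamiliar host {host_of(value)}"))
    elif kind in ("O2", "O4"):
        if USER_WRITABLE.search(body):
            found.append(("high", f"{kind}: starts from a user-writable "
                                  "profile folder"))
        if kind == "O2" and body.lower().endswith(".exe"):
            found.append(("high", "O2: BHO registered as an .exe, not a DLL"))
    elif kind == "O16" and not NAMED_CONTROL.search(body):
        found.append(("medium", "O16: ActiveX download with no control name"))
    elif kind == "O23" and ("(no file)" in body or "(file missing)" in body):
        found.append(("info", "O23: service entry whose binary is missing"))
    return found


def triage_log(text):
    """Return [(line_no, severity, reason), ...] over a whole log."""
    return [(n, sev, why)
            for n, line in enumerate(text.splitlines(), 1)
            for sev, why in triage_line(line)]


def is_random_job_name(name):
    """True for .job names made only of hex digits (see HEX_JOB)."""
    return bool(HEX_JOB.match(name))


if __name__ == "__main__":
    for n, sev, why in triage_log(SAMPLE_LOG):
        print(f"line {n:2d} [{sev:6s}] {why}")
    print("AC6C3CD79187AF73.job random-looking:",
          is_random_job_name("AC6C3CD79187AF73.job"))
```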
  • Why do you post your log on another forum when you have already received an answer here? http://www.pchelper.nl/forum/index.php?showtopic=36257
  • Because I hadn't seen that.
  • Don't you get notification e-mails from this forum? Just run vindjob.bat and I'll help you further :wink:
  • I saved it as you described above, but the PC doesn't open the file vindjob on my desktop. It says: not a valid WIN32 application!
  • Try this. Start HijackThis. Go to Config – Misc Tools. Tick: - List also Minor sections (full) - List Empty sections (complete). Click the button "Generate StartupList log". A file is created: startuplist.txt. Post the contents of this file.
  • StartupList report, 22-2-2006, 13:54:15
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Nursen\Bureaublad\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe

    --------------------------------------------------
    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Nursen\Menu Start\Programma's\Opstarten]
    *No files*
    Shell folders AltStartup:
    *Folder not found*
    User shell folders Startup:
    *Folder not found*
    User shell folders AltStartup:
    *Folder not found*
    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
    *No files*
    Shell folders Common AltStartup:
    *Folder not found*
    User shell folders Common Startup:
    *Folder not found*
    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------
    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*
    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    PCMService = "C:\Program Files\Dell\Media Experience\PCMService.exe"
    dla = C:\WINDOWS\system32\dla\tfswctrl.exe
    UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    PestPatrol Control Center = C:\PROGRA~1\PESTPA~1\PPControl.exe
    PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    F-StopW = C:\Program Files\FSI\F-Prot\F-StopW.EXE
    FRISK FP-Scheduler = C:\Program Files\FSI\F-Prot\F-Sched.exe
    BDMCon = C:\progra~1\softwin\bitdef~1\bdmcon.exe
    BDNewsAgent = C:\progra~1\softwin\bitdef~1\bdnagent.exe
    BDSwitchAgent = C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    CloneDVDElbyDelay = "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    MessengerPlus3 = "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    NWEReboot = 
    AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No values found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No values found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No values found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
    Sonic RecordNow! = 

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    Index Washer = C:\Program Files\Webroot\Washer\WashIdx.exe "Nursen"

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------
    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default) = "%1" %*

    --------------------------------------------------
    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command
    (Default) = "%1" %*

    --------------------------------------------------
    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command
    (Default) = "%1" %*

    --------------------------------------------------
    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command
    (Default) = "%1" %*

    --------------------------------------------------
    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command
    (Default) = "%1" /S

    --------------------------------------------------
    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command
    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    --------------------------------------------------
    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command
    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------
    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    [>{D8B24236-26D8-440C-AAFF-4B0D83CF2EA3}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll
    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe
    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    --------------------------------------------------
    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps
    *Registry key not found*

    --------------------------------------------------
    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=sockspy.dll

    --------------------------------------------------
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------
    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!
    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------
    Checking for superhidden extensions:
    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------
    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Register-editor'

    Registry check passed

    --------------------------------------------------
    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe - {2ED8E307-363A-8D3D-BC0B-2B784D016F25}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    --------------------------------------------------
    Enumerating Task Scheduler jobs:

    AC6C3CD79187AF73.job

    --------------------------------------------------
    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    [CryptoRSA Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
    CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab
    [Checkers Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
    CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
    [Minesweeper Flags Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    [FileSharingCtrl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr-nl.dll
    CODEBASE = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    [ZoneAxRcMgr Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    [ZoneIntro Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    [{C94158E1-6151-4442-ABE6-FD53D6534EFB}]
    CODEBASE = http://searchfind.info/bar/win32.cab
    [Downloader Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\dwnldr.dll
    CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/controls/msnchat45.cab
    [Solitaire Showdown Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
    CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    --------------------------------------------------
    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------
    Enumerating Windows NT/2000/XP services

    abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    aeaudio: system32\drivers\aeaudio.sys (manual start)
    Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
    Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (system)
    Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
    Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
    Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
    ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
    AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
    AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
    AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
    AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
    AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
    AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
    AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
    BitDefender Scan Server: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (autostart)
    Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
    Closed Caption-decoder: system32\DRIVERS\CCDECODE.sys (manual start)
    cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
    Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
    Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
    COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
    Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys
(system) Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled) Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start) drvmcdb: system32\drivers\drvmcdb.sys (system) drvnddm: system32\drivers\drvnddm.sys (autostart) Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start) 3Com EtherLink XL 90XB/C-adapterstuurprogramma: System32\DRIVERS\el90xbc5.sys (manual start) ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart) ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start) Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start) FILESpy: \??\C:\Program Files\Softwin\BitDefender Professional Edition\filespy.sys (autostart) Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) FPA_RTP: system32\Drivers\FSTOPW.SYS (system) Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system) Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start) Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Apparaattoegang via 
menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start) hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled) Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system) i81x: System32\DRIVERS\i81xnt5.sys (manual start) iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start) iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start) iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start) iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start) iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start) iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start) iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start) iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start) iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start) iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start) Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system) COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start) ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled) IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled) Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system) IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system) IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system) Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys 
(system) Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system) Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start) mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled) WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start) BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma: system32\drivers\MSTEE.sys (manual start) NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start) Microsoft TV/Video-verbinding: system32\DRIVERS\NdisIP.sys (manual start) RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start) I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start) RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS-interface: System32\DRIVERS\netbios.sys (system) NetBios over Tcpip: System32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: 
%SystemRoot%\System32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start) Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start) Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: System32\DRIVERS\nv4_mini.sys (manual start) NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system) Stuurprogramma voor Intel PentiumIII-processor: System32\DRIVERS\p3.sys (system) Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start) PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled) perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart) WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start) Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start) Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) Logitech QuickCam Express: system32\DRIVERS\LVCM.sys (manual start) ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled) Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled) ql12160: 
\SystemRoot\System32\DRIVERS\ql12160.sys (disabled) ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled) ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled) Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Stuurprogramma voor Terminal-serverapparaatredirector: System32\DRIVERS\rdpdr.sys (manual start) Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (autostart) Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system) REGSpy: \??\C:\Program Files\Softwin\BitDefender Professional Edition\regspy.sys (autostart) Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (autostart) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start) Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system) Windows Firewall (WF) / 
Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled) BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start) smwdm: system32\drivers\smwdm.sys (manual start) Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled) Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system) System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SRV: System32\DRIVERS\srv.sys (manual start) sscdbhk5: system32\drivers\sscdbhk5.sys (system) SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) ssrtln: system32\drivers\ssrtln.sys (system) Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) STOPzilla Local Service: C:\Program Files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) SPYC@M 300: system32\drivers\STV680.sys (manual start) Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{1B4EE87E-0728-45C1-9B93-5459EDA15236} (manual start) symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled) symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled) sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled) sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled) Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs 
(manual start) Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system) Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) tfsnboio: system32\dla\tfsnboio.sys (autostart) tfsncofs: system32\dla\tfsncofs.sys (autostart) tfsndrct: system32\dla\tfsndrct.sys (autostart) tfsndres: system32\dla\tfsndres.sys (autostart) tfsnifs: system32\dla\tfsnifs.sys (autostart) tfsnopio: system32\dla\tfsnopio.sys (autostart) tfsnpool: system32\dla\tfsnpool.sys (autostart) tfsnudf: system32\dla\tfsnudf.sys (autostart) tfsnudfa: system32\dla\tfsnudfa.sys (autostart) Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start) Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Stuurprogramma voor USB-audio (WDM): system32\drivers\usbaudio.sys (manual start) Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start) USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start) Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start) Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start) Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled) ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled) Volume 
Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) BitDefender Virus Shield: "C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (autostart) Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start) Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Standard Teletext-codec: system32\DRIVERS\WSTCODEC.SYS (manual start) Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Washer Security Access: C:\WINDOWS\system32\wwSecure.exe (autostart) Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BitDefender Communicator: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (autostart) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: 
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 41.523 bytes Report generated in 0,125 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
  • It worked; hopefully you can do something with this. Thanks in advance.
  • Download Killbox (http://www.downloads.subratam.org/KillBox.exe). Click killbox.exe. Choose the option "Delete on reboot". Copy the following lines:
    C:\WINDOWS\tasks\AC6C3CD79187AF73.job
    C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe
    C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
    C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
    Open 'File' in the Killbox menu at the top and choose "Paste from clipboard". You will see that the lines above now appear in the "Full Path of File to Delete" field. There is a small arrow next to that field; if you click it you will see all the lines you copied listed (if the files are present), which is the intention. Click the button "All files" (important!). Then click the red circle with the white cross in it. Killbox will say that this file will be deleted on reboot and will ask to reboot now. Click YES. Your PC should now reboot. After the restart, post a new StartupList and also a new "normal" HijackThis log :wink:
  • StartupList report, 22-2-2006, 14:30:12 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Nursen\Bureaublad\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\sessmgr.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\wwSecure.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\FSI\F-Prot\F-StopW.EXE C:\Program Files\FSI\F-Prot\F-Sched.exe C:\progra~1\softwin\bitdef~1\bdmcon.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe 
-------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Nursen\Menu Start\Programma's\Opstarten] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe PCMService = "C:\Program Files\Dell\Media Experience\PCMService.exe" dla = C:\WINDOWS\system32\dla\tfswctrl.exe UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r PestPatrol Control Center = C:\PROGRA~1\PESTPA~1\PPControl.exe PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime F-StopW = C:\Program Files\FSI\F-Prot\F-StopW.EXE FRISK FP-Scheduler = C:\Program Files\FSI\F-Prot\F-Sched.exe BDMCon = C:\progra~1\softwin\bitdef~1\bdmcon.exe BDNewsAgent = C:\progra~1\softwin\bitdef~1\bdnagent.exe BDSwitchAgent = C:\Program 
Files\Softwin\BitDefender Professional Edition\bdswitch.exe CloneDVDElbyDelay = "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay MessengerPlus3 = "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe" TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot NWEReboot = AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe Sonic RecordNow! 
= -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* 
-------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* 
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[>{D8B24236-26D8-440C-AAFF-4B0D83CF2EA3}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=sockspy.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Register-editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe (file missing) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
--------------------------------------------------
Enumerating Task Scheduler jobs:
*No jobs found*
--------------------------------------------------
Enumerating Download Program Files:
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[CryptoRSA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab
[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
[FileSharingCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr-nl.dll
CODEBASE = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
[ZoneAxRcMgr Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
[{C94158E1-6151-4442-ABE6-FD53D6534EFB}]
CODEBASE = http://searchfind.info/bar/win32.cab
[Downloader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\dwnldr.dll
CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/controls/msnchat45.cab
[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
BitDefender Scan Server: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (autostart)
Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption-decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
3Com EtherLink XL 90XB/C-adapterstuurprogramma: System32\DRIVERS\el90xbc5.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
FILESpy: \??\C:\Program Files\Softwin\BitDefender Professional Edition\filespy.sys (autostart)
Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
FPA_RTP: system32\Drivers\FSTOPW.SYS (system)
Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video-verbinding: system32\DRIVERS\NdisIP.sys (manual start)
RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
Stuurprogramma voor Intel PentiumIII-processor: System32\DRIVERS\p3.sys (system)
Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Logitech QuickCam Express: system32\DRIVERS\LVCM.sys (manual start)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Stuurprogramma voor Terminal-serverapparaatredirector: System32\DRIVERS\rdpdr.sys (manual start)
Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (autostart)
Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
REGSpy: \??\C:\Program Files\Softwin\BitDefender Professional Edition\regspy.sys (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SRV: System32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
STOPzilla Local Service: C:\Program Files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
SPYC@M 300: system32\drivers\STV680.sys (manual start)
Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{1B4EE87E-0728-45C1-9B93-5459EDA15236} (manual start)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Stuurprogramma voor USB-audio (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
BitDefender Virus Shield: "C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (autostart)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext-codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Washer Security Access: C:\WINDOWS\system32\wwSecure.exe (autostart)
Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BitDefender Communicator: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 41.476 bytes
Report generated in 0,890 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • Logfile of HijackThis v1.99.1
Scan saved at 14:32:00, on 22-2-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeilezmtuq.net/Yguq_h8YKIkO97Z5OQGmwgyVJfCwqY4sFOB/y/7xZebsAYbcyB0WvLP61PZsaJer.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25} - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe
O4 - HKCU\..\Run: [Global Soft] C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
O4 - HKCU\..\Run: [phone camp way idol] C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} - http://searchfind.info/bar/win32.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Advanced System Products, Inc. - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (file missing)
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeilezmtuq.net/Yguq_h8YKIkO97Z5OQGmwgyVJfCwqY4sFOB/y/7xZebsAYbcyB0WvLP61PZsaJer.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25} - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe (file missing)
O4 - HKCU\..\Run: [Global Soft] C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
O4 - HKCU\..\Run: [phone camp way idol] C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} - http://searchfind.info/bar/win32.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

Download ATF Cleaner (made by Atribune): http://www.atribune.org/ccount/click.php?id=1
Double-click ATF Cleaner to start the program. On the "Main" tab, tick Select All. Click the Empty Selected button.
If you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick next to "Firefox saved passwords"). Click the Empty Selected button.
If you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

Run an online scan with Panda's online virus scan: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
If you are given the option to save a log, do so.

Start HijackThis again, make a new log and post it for checking, and also post the Panda log.
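A small triage script, added here as an example (it is not part of this thread and not HijackThis code), that parses HijackThis log lines and flags the same kinds of entries the helper ticked above: autostart items under Application Data, nameless or missing-file BHOs and buttons, a cleared browser setting, and browser or ActiveX entries pointing at domains outside an allow-list. The trusted-domain set and the heuristics are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
"""HijackThis log triage (added example for this thread; not HijackThis code).

HijackThis v1.99 writes one entry per line, prefixed with a section code:
R0/R1 browser settings, O2 BHOs, O4 autostart entries, O8 context-menu items,
O9 extra buttons, O16 ActiveX downloads (DPF), O18 protocols, O23 services.
The heuristics below reproduce the kind of reasoning the helper applied by
hand; the trusted-domain list is an assumption made for this example."""
import re
from urllib.parse import urlsplit

# Assumed allow-list of domains the entries are expected to point at.
TRUSTED_DOMAINS = {"google.nl", "msn.com", "microsoft.com", "postbank.nl"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://[^\s\"]+")
# Binaries under a user's (or All Users') Application Data folder,
# in either the long or the 8.3 short form of the path.
USER_DATA_RE = re.compile(r"\\(?:Application Data|APPLIC~1)\\", re.IGNORECASE)


def registrable_domain(url: str) -> str:
    """Last two labels of the host (fine for .com/.net/.nl, not for .co.uk)."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def parse_entry(line: str):
    """Split 'O4 - HKCU\\..\\Run: [x] c:\\x.exe' into (section code, body)."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def triage(line: str) -> list:
    """Reasons an entry deserves a closer look; an empty list means it looks benign."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    kind, body = parsed
    reasons = []
    if kind in ("O2", "O9", "O18") and "(file missing)" in body:
        reasons.append("file missing")
    if kind == "O2" and "(no name)" in body:
        reasons.append("BHO without a name")
    if kind == "O4" and USER_DATA_RE.search(body):
        reasons.append("autostart from a user data folder")
    if kind in ("R0", "R1") and body.rstrip().endswith("="):
        reasons.append("browser setting cleared to an empty value")
    if kind in ("R0", "R1", "O8", "O9", "O16"):
        for url in URL_RE.findall(body):
            dom = registrable_domain(url)
            if dom not in TRUSTED_DOMAINS:
                reasons.append(f"points at untrusted domain {dom}")
    return reasons


def suspicious_entries(log_text: str) -> list:
    """Return [(entry line, [reasons])] for every entry that triggered a heuristic."""
    out = []
    for line in log_text.splitlines():
        reasons = triage(line)
        if reasons:
            out.append((line.strip(), reasons))
    return out


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeilezmtuq.net/Yguq_h8YKIkO97Z5OQGmwgyVJfCwqY4sFOB/y/7xZebsAYbcyB0WvLP61PZsaJer.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25} - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Global Soft] C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
O4 - HKCU\..\Run: [phone camp way idol] C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} - http://searchfind.info/bar/win32.cab
"""

if __name__ == "__main__":
    for entry, reasons in suspicious_entries(SAMPLE_LOG):
        print(entry[:70], "->", "; ".join(reasons))
```

The flags are prompts for a human to look closer, as the helper did; a path under Application Data or an unknown domain is not proof of malware on its own.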
  • Incident Status Location Adware:Adware/Lop Not disinfected C:\!KillBox\mathtray.exe Adware:Adware/Lop Not disinfected C:\!KillBox\openplan.exe Adware:Adware/Lop Not disinfected C:\!KillBox\waitrdr.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Camp Okay.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Closerect.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\eqabout.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Free Tick.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Heart Admin.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\license pop.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\OnceSecond.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Phone acid.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Ref Meow.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\uploadless.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Wma Fast.exe Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Esther\Application Data\Mozilla\Firefox\Profiles\45ihxt0l.default\cookies.txt[] Adware:Adware/Lop Not disinfected C:\Documents and Settings\Esther\Local Settings\Temporary Internet Files\Content.IE5\PKO35P41\newpass2[1].htm Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nursen\Application Data\Mozilla\Firefox\Profiles\5x6wtwl7.default\cookies.txt[] Adware:Adware/Lop Not disinfected 
C:\Documents and Settings\Nursen\Application Data\Platform wipe\aurqeuvf.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\bkcikqem.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\bpvgezbc.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\brmiowtt.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\cighqzuo.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\coabisek.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\csuhyzan.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\deobwuqt.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\dqavuesh.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\flumiyfw.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\hygmypgb.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\jeabkorf.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\jmhjagac.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\JUNKCOOL1VC.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\kkfixqyk.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\kknaztzc.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\koxqzgph.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\kvqjggcq.exe Adware:Adware/Lop Not 
disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\lpiulmjh.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\mbiynvaa.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\mftqmznm.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\mgdogqbm.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\nbksuxsw.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\ndejlhld.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\njtdrodb.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\oxvhalhi.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\pkftiaob.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\pkvononb.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\Poke Coal Dent.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\pzrmfyod.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\qbntovco.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\rstraqlk.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\ssatqanh.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\tcgybonr.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\tnazfaqa.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\uqwidrot.exe Adware:Adware/Lop 
Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\uydoxrno.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\vgkchfrq.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\vyztccxq.exe Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\yxhvwcmn.exe Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\ErrorSafe\PCheck.dll Virus:Eicar.Mod Not disinfected C:\Program Files\FSI\F-Prot\fpav-help.chm[prob-scan-ok.html] Virus:Eicar.Mod Not disinfected C:\Program Files\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[prob-scan-ok.html] Virus:Eicar.Mod Not disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html] Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@tribalfusion[2].txt] Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@serving-sys[2].txt] Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@linksynergy[2].txt] Spyware:Cookie/FastClick Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@fastclick[1].txt] Spyware:Cookie/Com.com Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@com[2].txt] Spyware:Cookie/2o7.net Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@2o7[2].txt] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[sysdetect.dll] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[points manager.exe] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[asmps.dll] 
Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[asmend.exe] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[asm.exe] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[altnetuninstall.exe] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[admprog.dll] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[admfdi.dll] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[admdloader.dll] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[admdata.dll] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[adm4.dll] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[adm25.dll] Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[adm.exe] Spyware:Cookie/Zedo Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@zedo[2].txt] Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@serving-sys[2].txt] Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@servedby.advertising[2].txt] Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@mediaplex[1].txt] Spyware:Cookie/FastClick Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@fastclick[2].txt] Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@doubleclick[1].txt] Spyware:Cookie/Bs.serving-sys Not disinfected C:\Program 
Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@bs.serving-sys[2].txt] Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@bluestreak[2].txt] Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@atdmt[2].txt] Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@advertising[2].txt] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050415170658.zip[MARSHAL.DLL] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050415170658.zip[P2P Networking.exe] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050427214454.zip[P2P Networking v125.cpl] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[P2P Networking v125.cpl] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[MARSHAL.DLL] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[P2P Networking.exe] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[MARSHAL.DLL] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[P2P Networking.exe] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051016155921.zip[P2P Networking v125.cpl] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051016155921.zip[MARSHAL.DLL] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051016155921.zip[P2P Networking.exe] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[MARSHAL.DLL] Adware:Adware/P2PNetworking Not disinfected C:\Program 
Files\PestPatrol\Quarantine\20051212175410.zip[P2P Networking.exe] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[MARSHAL.DLL] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[P2P Networking.exe] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[MARSHAL.DLL] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[P2P Networking.exe] Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[P2P Networking v125.cpl] Adware:Adware/WUpd Not disinfected C:\Program Files\Windows AdStatus\WinStatComm.dll Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\WinadX.inf Adware:adware/gator Not disinfected C:\WINDOWS\GatorFDDLI.log Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\biini.inf Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\INF\twaintec.inf Dialer:Dialer.SU Not disinfected C:\WINDOWS\run.cxq Hacktool:Rootkit/RWAny.A Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\erssdd.sys Adware:Adware/PowerSearch Not disinfected C:\WINDOWS\SYSTEM32\IEHelper.dll_tobedeleted Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\rk.bin
  • Logfile of HijackThis v1.99.1 Scan saved at 15:55:40, on 22-2-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\FSI\F-Prot\F-StopW.EXE C:\Program Files\FSI\F-Prot\F-Sched.exe C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\SYSTEM32\spider.exe C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe O4 - 
HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 
- Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file 
missing) O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Advanced System Products, Inc. - (no file) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (file missing) O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • The HijackThis log looks good :) If all went well you should no longer get any popups. Unfortunately I have no time right now to give you advice about the Panda log; I'll post again later tonight :wink:
  • Okay, thanks for your help.
  • Slightly off topic, well, a bit: does MSNPLUS without sponsors also come with adware/junk? Because otherwise I'll just leave it installed... :-?


This is an archived page. Replying is no longer possible.