

Problem: asappsrv.dll (HijackThis log)

8 replies
  • Hello,

    Since this morning my internet has been very slow, and showing the desktop is also extremely slow. Shortly after the PC started up, McAfee gave an alert about "asappsrv.dll", and it cannot remove it.

    I have already run several programs, but none of them removes it. Does anyone know how I can remove or fix it (asappsrv.dll)?

    In the meantime I am also looking for a solution for "command service", which Spybot keeps reporting and just cannot remove; maybe you can find a solution for that in this log as well?

    Thanks in advance


    Logfile of HijackThis v1.99.1
    Scan saved at 14:32:55, on 22/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    D:\logitech\iTouch\iTouch.exe
    D:\daemon\daemon.exe
    D:\logitech\MouseWare\system\em_exec.exe
    D:\quicktime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\d-link\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    D:\HP\Digital Imaging\bin\hpohmr08.exe
    D:\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    D:\HP\Digital Imaging\bin\hpoevm08.exe
    D:\HP\Digital Imaging\Bin\hpoSTS08.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\svchost.exe
    D:\counterspy\sunThreatEngine.exe
    D:\counterspy\SunProtectionServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    D:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] D:\d-link\AirGCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunServer] D:\counterspy\sunserver.exe
    O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cacu_001.exe" /cleanup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,23/mcgdmgr.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Run - C:\WINDOWS\system32\cLbview.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

  • Start HJT, do a "system scan only", tick the lines below and click "fix checked".

    [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart[/b]

    Delete the file below via Explorer (in bold).

    C:\Program Files\[b]SpyBro\SpyBro.exe" /autostart[/b]

    Could you please upload the file below to Jotti: http://virusscan.jotti.org/

    C:\WINDOWS\system32\[b]cLbview.dll[/b]

    Run an online virus scan at [b]Panda[/b].

    Click on [b]"scan your PC"[/b]

    A new window opens.

    Click on [b]"check now"[/b]

    A new window opens. Enter your country and a valid e-mail address there.

    Then click on [b]"scan now"[/b]

    [i]If you have never used Panda before, an [b]Active X[/b] element is downloaded; give permission for this by pressing [b]"install"[/b].[/i]

    You will then see [b]"Select a device to scan…"[/b] on screen.

    Choose [b]"My Computer"[/b]

    The computer is now being scanned (this takes a while).

    When the scan has finished

    Click on [b]"See report"[/b] and then on [b]"save report"[/b]

    Open the text file and select all of the text. Choose [b]"copy"[/b] and post it here in your reply.

    So in your next post:
    1 : The Jotti result
    2 : The Panda log
    3 : A new HJT log as a check.

    Good luck
  • OK, I have more or less done what you told me.

    First, this is the log from the Panda scan:

    Incident Status Location

    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\cLbview.dll
    Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard121.dat
    Adware:adware/look2me Not disinfected Windows Registry
    Adware:adware/commad Not disinfected Windows Registry
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.stat.onestat.com/]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.stat.onestat.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.metriweb.be/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.bfast.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.clickbank.net/]
    Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@metriweb[1].txt
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt
    Adware:Adware/SaveNow Not disinfected C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
    Adware:Adware/Yazzle Not disinfected C:\SnowballWarsInstaller.exe
    Dialer:Dialer.Gen Not disinfected D:\scansoft\ScanSoft PaperPort Pro Office 9.0\Other\PagisConverter\ENGLISH\data1.cab[convproc.exe]
    Adware:Adware/Bitamobar Not disinfected E:\games\COD II\cod2 uitgepakt\xtape[1].net.ru_Call_Of_Duty2.rar[call.of.duty.2.multiplayer.private.server.1.0.patch-icu.zip][crack-inf.exe][autoupdatev2.exe]
    Adware:Adware/Bitamobar Not disinfected E:\games\COD II\cod2 uitgepakt\xtape[1].net.ru_Call_Of_Duty2.rar[Call_of_Duty_PLUS_2_TRAINER-PiZZADOX.ZIP][crack-inf.exe][autoupdatev2.exe]
    Spyware:Cookie/Atlas DMT Not disinfected F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt[2].txt
    Spyware:Cookie/Doubleclick Not disinfected F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@doubleclick[1].txt
    Spyware:Cookie/MetriWeb Not disinfected F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@metriweb[1].txt
    Spyware:Cookie/YieldManager Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@ad.yieldmanager[2].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@ADY~2.TXT]
    Spyware:Cookie/Belnk Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@belnk[1].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@BEL~1.TXT]
    Spyware:Cookie/Belnk Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@dist.belnk[2].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@DIS~2.TXT]
    Spyware:Cookie/Doubleclick Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@doubleclick[1].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@DOU~1.TXT]
    Spyware:Cookie/MetriWeb Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@metriweb[1].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@MET~1.TXT]

    Second, this is the list from Jotti: first box


    AntiVir
    Found Adware-Spyware/Look2Me.ab adware
    ArcaVir
    Found Adware.Looktome.Ab
    Avast
    Found Win32:Adware-gen.
    AVG Antivirus
    Found Generic.FWR
    BitDefender
    Found Trojan.Candebe.CZ
    ClamAV
    Found Adware.Lookme-26
    Dr.Web
    Found Adware.Look2me
    F-Prot Antivirus
    Found security risk or a "backdoor" program
    Fortinet
    Found Adware/Look2me
    Kaspersky Anti-Virus
    Found not-a-virus:AdWare.Win32.Look2Me.ab
    NOD32
    Found Win32/Adware.Look2Me application
    Norman Virus Control
    Found W32/Look2Me.DE
    UNA
    Found nothing
    VirusBuster
    Found Trojan.PolyAgent.A
    VBA32
    Found AdWare.Look2Me.ab

    Second box:

    AntiVir Trojan/PSW.LdPinch.jm1
    ArcaVir X
    Avast X
    AVG Antivirus Dropper.Small.27.AC
    BitDefender Trojan.Dropper.Joiner.AJ
    ClamAV X
    Dr.Web Trojan.MulDrop.1161
    F-Prot Antivirus X
    Fortinet W32/Joiner.AJ!tr
    Kaspersky Anti-Virus Constructor.Win32.MicroJoiner.17
    NOD32 X
    Norman Virus Control X
    UNA X
    VirusBuster X
    VBA32 TrojanDropper.Win32.Joiner.aj

    And then finally the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:50:38, on 23/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    D:\logitech\iTouch\iTouch.exe
    D:\d-link\AirGCFG.exe
    D:\logitech\MouseWare\system\em_exec.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\HP\Digital Imaging\bin\hpohmr08.exe
    D:\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    D:\HP\Digital Imaging\bin\hpoevm08.exe
    D:\HP\Digital Imaging\Bin\hpoSTS08.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    E:\games\hl2\Steam.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    c:\program files\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    D:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] D:\d-link\AirGCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunServer] D:\counterspy\sunserver.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,23/mcgdmgr.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Run - C:\WINDOWS\system32\cLbview.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe




  • A lot wiser now.


    * Clean the Cache and Cookies in
  • I have done what you said.

    Look2Me-Destroyer log:


    Look2Me-Destroyer V1.0.12

    Scanning for infected files…..
    Scan started at 24/06/2006 0:30:06

    Infected! C:\WINDOWS\system32\cLbview.dll
    Infected! C:\WINDOWS\system32\cLbview.dll

    Attempting to delete infected files…

    Attempting to delete: C:\WINDOWS\system32\cLbview.dll
    C:\WINDOWS\system32\cLbview.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\cLbview.dll
    C:\WINDOWS\system32\cLbview.dll Deleted successfully!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded

    New HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 0:38:44, on 24/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    D:\logitech\iTouch\iTouch.exe
    D:\d-link\AirGCFG.exe
    D:\logitech\MouseWare\system\em_exec.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    D:\HP\Digital Imaging\bin\hpohmr08.exe
    D:\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    D:\HP\Digital Imaging\bin\hpoevm08.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    D:\HP\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] D:\d-link\AirGCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunServer] D:\counterspy\sunserver.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,23/mcgdmgr.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

  • How many virus scanners do you have running now? I think I see McAfee and NOD32, is that right? If NOD32 is part of Hitman :cry:, I would in any case disable it, or preferably remove it completely (together with HMP, but that is personal).

    I don't see any strange things in your log at the moment, but I would still like to offer you the following.
    * Clean the Cache and Cookies in
  • I had rather little time yesterday, but here is the report from HJT and ewido

    ewido

    C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\games\COD II\cod2 uitgepakt\xtape[1].net.ru_Call_Of_Duty2.rar/Call_of_Duty_PLUS_2_TRAINER-PiZZADOX.ZIP/crack-inf.exe -> Dropper.Agent.aao : Error during cleaning.
    E:\games\COD II\cod2 uitgepakt\xtape[1].net.ru_Call_Of_Duty2.rar/call.of.duty.2.multiplayer.private.server.1.0.patch-icu.zip/crack-inf.exe -> Dropper.Agent.aao : Error during cleaning.
    :mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.172:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    :mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    :mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    :mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    :mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    F:\nieuwe backup\20043108_165635_PC1\C\Documents and Settings\PC\Cookies\pc@cz8.clickzs[1].txt.nco/20043108_165635_PC1\C\DOCUME~1\PC\Cookies\PC@CZ8~1.TXT -> TrackingCookie.Clickzs : Error during cleaning.
    :mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@doubleclick[1].txt.nco/20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@DOU~1.TXT -> TrackingCookie.Doubleclick : Error during cleaning.
    :mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.210:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.211:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.213:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.214:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@ad.yieldmanager[2].txt.nco/20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@ADY~2.TXT -> TrackingCookie.Yieldmanager : Error during cleaning.
    :mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


    ::Report end

    HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 14:00:28, on 26/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\ewido\ewido anti-spyware 4.0\guard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    D:\logitech\iTouch\iTouch.exe
    D:\d-link\AirGCFG.exe
    D:\logitech\MouseWare\system\em_exec.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    D:\HP\Digital Imaging\bin\hpohmr08.exe
    D:\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    E:\games\hl2\Steam.exe
    D:\HP\Digital Imaging\bin\hpoevm08.exe
    D:\HP\Digital Imaging\Bin\hpoSTS08.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    D:\counterspy\sunThreatEngine.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    D:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] D:\d-link\AirGCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunServer] D:\counterspy\sunserver.exe
    O4 - HKLM\..\Run: [!ewido] "D:\ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,23/mcgdmgr.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Would you let Ewido scan once more, and this time let it remove what it finds.

    After that, please post a new HJT log.


This is an archived page. Replying is no longer possible.