logfile highjackthis

10 answers
  • Who would like to take a look at this:


    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:28, on 4-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\{700DCC10-0BF3-1043-1221-05060305001f}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/scripts/common/index.main?signin=1&lang=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: PimpFish Basic Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: PimpFish Basic - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?d0542f8f99954f2fa382b61858ee61dc
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?d0542f8f99954f2fa382b61858ee61dc
    O8 - Extra context menu item: PimpFish Basic - Grab movies on this page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab pictures on this page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab pictures this page links to - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab Target File - C:\Program Files\PimpFish\GRABLINK.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab This Picture - C:\Program Files\PimpFish\GRABPIC.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://supergees.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157803335902
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Go to Start - Run and type:
    sc delete MsaSvc

    Close all open windows, run HijackThis once more and tick the following items:

    O4 - Startup: Reboot.exe

    Then click "Fix checked" and close HijackThis.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type Y to start the cleaning process.
    Follow the on-screen instructions.
    When the tool has finished, a log file (combofix.txt) opens. Post the contents of that file together with a new HijackThis log.
  • Géjanne - 06-11-04 21:04:14,32 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Géjanne\Bureaublad"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\{300DCC10-0BF3-1043-1221-05060305001f}
    C:\Program Files\Common Files\{700DCC10-0BF3-1043-1221-05060305001f}


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))


    2006-11-04 15:45 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
    2006-11-04 15:45 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
    2006-11-04 15:44 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
    2006-11-04 15:44 102,912 --a------ C:\WINDOWS\system32\islzma.dll
    2006-11-04 15:30 46,352 --a------ C:\WINDOWS\setdebug.exe
    2006-11-04 15:30 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2006-11-04 15:30 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2006-11-04 15:30 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2006-11-04 15:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2006-10-31 22:10 115,642 --a------ C:\WINDOWS\system32\tdc.exe
    2006-10-31 22:07 10,911 --a------ C:\sbgsyga.exe
    2006-10-05 18:08 162,304 --a------ C:\UNWISE.EXE


    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061104-210148-100
    O4 - Startup: Reboot.exe

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

    Completion time: 06-11-04 21:06:01.37
    C:\ComboFix.txt … 06-11-04 21:06



    Logfile of HijackThis v1.99.1
    Scan saved at 21:07:26, on 4-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    E:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/scripts/common/index.main?signin=1&lang=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: PimpFish Basic Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: PimpFish Basic - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?d0542f8f99954f2fa382b61858ee61dc
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?d0542f8f99954f2fa382b61858ee61dc
    O8 - Extra context menu item: PimpFish Basic - Grab movies on this page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab pictures on this page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab pictures this page links to - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab Target File - C:\Program Files\PimpFish\GRABLINK.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab This Picture - C:\Program Files\PimpFish\GRABPIC.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://supergees.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157803335902
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
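
Added example, not part of the original thread: one way to confirm that the requested fixes took effect is to diff the HijackThis log posted before the cleanup against the one posted after it. The two excerpts are constructed from a few lines of the logs above, and the names parse_log, diff_logs and unresolved are illustrative.

```python
import re

# Constructed excerpts: a few lines taken from the "before" and "after"
# HijackThis logs in this thread, not the complete logs.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\{700DCC10-0BF3-1043-1221-05060305001f}\Update.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Reboot.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Items the helper asked to remove: the startup entry and the service name.
TARGETED = ["O4 - Startup: Reboot.exe", "(MsaSvc)"]

# HijackThis entry lines start with a section code such as R0, F2, N1 or O23.
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_log(text):
    """Split a HijackThis log into (running processes, section entries)."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif ENTRY_RE.match(line):
            in_processes = False
            entries.add(line)
        elif in_processes:
            # Windows paths are case-insensitive, so compare in lower case.
            processes.add(line.lower())
        # Header lines (version, platform, scan time) are ignored.
    return processes, entries


def diff_logs(before, after):
    """Report what disappeared and what is new between two logs."""
    p0, e0 = parse_log(before)
    p1, e1 = parse_log(after)
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "entries_gone": sorted(e0 - e1),
        "entries_new": sorted(e1 - e0),
    }


def unresolved(after, expected_removed):
    """Return the targeted items that still appear in the after-log."""
    _, entries = parse_log(after)
    return [t for t in expected_removed
            if any(t in line for line in entries)]


if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(key)
        for value in values:
            print("   ", value)
    print("still present:", unresolved(AFTER, TARGETED))
```

New entries or processes in the second log deserve the same attention as the ones that were expected to disappear.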
  • The log looks good.

    Go to this website: http://www.virustotal.com/en/indexf.html
    Have the following file scanned: C:\sbgsyga.exe
    Post the result of the scan.
  • STATUS: FINISHED
    Complete scanning result of "sbgsyga.exe", received in VirusTotal at 11.04.2006, 21:34:40 (CET).

    Antivirus Version Update Result
    AntiVir 7.2.0.37 11.03.2006 no virus found
    Authentium 4.93.8 11.04.2006 could be a corrupted executable file
    Avast 4.7.892.0 11.03.2006 no virus found
    AVG 386 11.04.2006 no virus found
    BitDefender 7.2 11.04.2006 no virus found
    CAT-QuickHeal 8.00 11.04.2006 (Suspicious) - DNAScan
    ClamAV devel-20060426 11.04.2006 no virus found
    DrWeb 4.33 11.04.2006 no virus found
    eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
    eTrust-Vet 30.3.3176 11.03.2006 no virus found
    Ewido 4.0 11.04.2006 no virus found
    Fortinet 2.82.0.0 11.04.2006 no virus found
    F-Prot 3.16f 11.04.2006 no virus found
    F-Prot4 4.2.1.29 11.04.2006 no virus found
    Ikarus 0.2.65.0 11.03.2006 no virus found
    Kaspersky 4.0.2.24 11.04.2006 no virus found
    McAfee 4888 11.03.2006 no virus found
    Microsoft 1.1609 11.04.2006 no virus found
    NOD32v2 1.1853 11.03.2006 no virus found
    Norman 5.80.02 11.03.2006 no virus found
    Panda 9.0.0.4 11.04.2006 Suspicious file
    Sophos 4.10.0 10.26.2006 no virus found
    TheHacker 6.0.1.112 11.03.2006 no virus found
    UNA 1.83 11.03.2006 no virus found
    VBA32 3.11.1 11.04.2006 no virus found
    VirusBuster 4.3.15:9 11.04.2006 no virus found


    Aditional Information
    File size: 10911 bytes
    MD5: 84ceb89c634115c702182b34c3e2d26a
  • If you don't know what it is, I would just delete sbgsyga.exe.

    Are there any remaining problems?
  • At first glance the machine seems to be running fine again, but I still cannot turn the Windows firewall back on. I then get the message: "De instellingen van Windows Firewall kunnen door onbekende oorzaak niet worden weergegeven" [the Windows Firewall settings cannot be displayed due to an unknown cause].
  • Download sharedaccess.reg and place the file on your desktop.
    Double-click sharedaccess.reg and allow the changes to be added to the registry.
    Restart the computer.
    Then go to Start - Run, type cmd and click OK.
    At the command prompt, type this command: NETSH FIREWALL RESET
    Now press Enter.
    Go to Control Panel - Software - Windows Firewall and check whether the firewall settings are now displayed.

    If that does not help, try solution 2 from here.
  • Dear M@rc, hey, thank you so very much... The machine is running like a sewing machine again!!!!!
  • Keep it that way. :wink:
