Logfile HijackThis

10 answers
  • Who would like to take a look at this:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:28, on 4-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\{700DCC10-0BF3-1043-1221-05060305001f}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/scripts/common/index.main?signin=1&lang=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: PimpFish Basic Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: PimpFish Basic - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?d0542f8f99954f2fa382b61858ee61dc
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?d0542f8f99954f2fa382b61858ee61dc
    O8 - Extra context menu item: PimpFish Basic - Grab movies on this page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab pictures on this page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab pictures this page links to - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab Target File - C:\Program Files\PimpFish\GRABLINK.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab This Picture - C:\Program Files\PimpFish\GRABPIC.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://supergees.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157803335902
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Go to Start - Run and type: sc delete MsaSvc
    Close all open windows, run HijackThis again and tick the following items:
    O4 - Startup: Reboot.exe
    Then click "Fix checked" and close HijackThis.
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
    Place it on your desktop. Double-click it to start the program. In the window that appears, type Y to start the cleaning process. Follow the instructions on the screen. When the tool is finished, a logfile (combofix.txt) opens. Post the contents of that file together with a new HijackThis log.
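
The kind of triage applied to the HijackThis log above, as an added example (not part of the original thread and not the helper's own method): a small parser that flags the two entry types the reply acts on, a service with an unknown owner whose file is missing and an executable placed directly in the Startup folder, plus other stale "(file missing)" references. The flagging rules and reason tags are assumptions made for this illustration; the sample lines are copied from the log posted in the question.

```python
import re
from typing import NamedTuple

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Reboot.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O23"
    reason: str   # tag invented for this example
    detail: str   # service name, file name or path to review


# "<code> - <body>", where code is R0-R3, F0-F3, N1-N4 or O1-O23.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# "Service: <display name>" with an optional "(<short name>)" suffix.
SERVICE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?$")
MISSING = " (file missing)"
EXECUTABLE_SUFFIXES = (".exe", ".com", ".scr", ".bat", ".pif")


def parse_service(body):
    """Split an O23 body into (service name, owner, image path, file_missing)."""
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    parts = body.rsplit(" - ", 2)  # owner and path are the last two fields
    if len(parts) != 3:
        return None
    match = SERVICE.match(parts[0])
    if not match:
        return None
    # The short name is what `sc` expects; fall back to the display name.
    name = match.group("name") or match.group("display")
    return name, parts[1], parts[2], missing


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header, running-process list or blank line
        code, body = match.group("code"), match.group("body")

        if code == "O23":
            svc = parse_service(body)
            if svc and svc[3] and svc[1] == "Unknown owner":
                findings.append(Finding(code, "orphaned-service-unknown-owner", svc[0]))
                continue

        if code == "O4" and body.startswith(("Startup: ", "Global Startup: ")):
            item = body.split(": ", 1)[1]
            # Shortcuts are listed as "name.lnk = target"; a bare executable
            # means the file itself sits in the Startup folder.
            if " = " not in item and item.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append(Finding(code, "executable-in-startup-folder", item))
                continue

        if body.endswith(MISSING):
            path = body[: -len(MISSING)].rsplit(" - ", 1)[-1]
            findings.append(Finding(code, "stale-reference", path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:>3}  {finding.reason:<32} {finding.detail}")
```

A flagged entry is a prompt for review, not a verdict: the O9 Messenger entry in the sample is flagged as a stale reference although the reply leaves it alone.
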
  • Géjanne - 06-11-04 21:04:14,32 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Géjanne\Bureaublad"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\{300DCC10-0BF3-1043-1221-05060305001f}
    C:\Program Files\Common Files\{700DCC10-0BF3-1043-1221-05060305001f}

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))

    2006-11-04 15:45 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
    2006-11-04 15:45 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
    2006-11-04 15:44 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
    2006-11-04 15:44 102,912 --a------ C:\WINDOWS\system32\islzma.dll
    2006-11-04 15:30 46,352 --a------ C:\WINDOWS\setdebug.exe
    2006-11-04 15:30 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2006-11-04 15:30 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2006-11-04 15:30 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2006-11-04 15:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2006-10-31 22:10 115,642 --a------ C:\WINDOWS\system32\tdc.exe
    2006-10-31 22:07 10,911 --a------ C:\sbgsyga.exe
    2006-10-05 18:08 162,304 --a------ C:\UNWISE.EXE

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2006-11-04 21:05 -------- d-------- C:\Program Files\Common Files
    2006-11-04 21:01 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Skype
    2006-11-04 18:04 -------- d-------- C:\Program Files\Hitman Pro
    2006-11-04 15:50 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Lavasoft
    2006-11-04 15:49 -------- d-------- C:\Program Files\SpywareBlaster
    2006-11-04 15:47 -------- d-------- C:\Program Files\Spyware Doctor
    2006-11-04 15:45 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\PC Tools
    2006-11-04 15:44 -------- d-------- C:\Program Files\Webroot
    2006-11-04 15:44 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Webroot
    2006-11-04 15:43 -------- d-------- C:\Program Files\Lavasoft
    2006-11-04 15:33 -------- d-------- C:\Program Files\Google
    2006-11-01 21:21 -------- d-------- C:\Program Files\MSN
    2006-11-01 21:17 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\MSN6
    2006-11-01 18:16 -------- d-------- C:\Program Files\PimpFish
    2006-11-01 13:40 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Google
    2006-10-31 22:41 -------- d-------- C:\Program Files\Java
    2006-10-31 22:36 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Help
    2006-10-11 14:54 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2006-09-29 15:36 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Adobe
    2006-09-28 17:28 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\LimeWire
    2006-09-27 13:03 -------- d-------- C:\Program Files\Adobe
    2006-09-27 13:02 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-09-27 13:00 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-27 12:59 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2006-09-27 12:57 20016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
    2006-09-27 08:34 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-09-21 18:53 -------- d---s---- C:\Documents and Settings\Géjanne\Application Data\Microsoft
    2006-09-19 17:19 -------- d-------- C:\Program Files\Incomplete
    2006-09-19 13:45 -------- d-------- C:\Program Files\TRUST 640U SILVERLINE HEADSET USB
    2006-09-17 20:37 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\AdobeUM
    2006-09-17 20:37 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\AdobeAUM
    2006-09-17 20:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-12 14:35 -------- d-------- C:\Program Files\LimeWire
    2006-09-12 00:16 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Ahead
    2006-09-11 11:48 -------- d-------- C:\Program Files\Microsoft Works
    2006-09-11 11:48 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-11 11:46 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-11 11:43 -------- d-------- C:\Program Files\Outlook Express
    2006-09-11 11:43 -------- d-------- C:\Program Files\Common Files\System
    2006-09-10 23:00 -------- d-------- C:\Program Files\Windows Live Toolbar
    2006-09-10 22:52 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Sun
    2006-09-09 13:02 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-09 12:55 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-09-09 12:51 -------- d-------- C:\Program Files\Nero
    2006-09-09 12:47 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Macromedia
    2006-09-09 11:44 56 -r-hs---- C:\WINDOWS\system32\F7FBD78099.sys
    2006-09-09 11:40 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-09-09 11:38 -------- d-------- C:\Program Files\Corel
    2006-09-09 11:38 -------- d-------- C:\Program Files\Common Files\Corel
    2006-09-09 11:26 -------- d-------- C:\Program Files\CCleaner
    2006-09-09 11:13 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Corel
    2006-09-08 14:59 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-09-08 14:38 -------- d-------- C:\Program Files\Common Files\Java
    2006-09-08 14:32 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-09-08 14:32 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-09-08 14:32 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-09-08 14:32 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-09-08 14:32 -------- d-------- C:\Program Files\Grisoft
    2006-09-08 14:32 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\AVG7
    2006-09-08 14:28 -------- d-------- C:\Program Files\Microsoft Visual Studio
    2006-09-08 14:28 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-08 14:21 -------- d-------- C:\Program Files\xp-AntiSpy
    2006-09-08 13:03 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-09-08 13:03 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-09-08 13:02 62 --ahs---- C:\Documents and Settings\Géjanne\Application Data\desktop.ini
    2006-09-08 12:12 -------- d-------- C:\Program Files\Movie Maker
    2006-09-08 12:10 -------- d-------- C:\Program Files\Windows NT
    2006-09-08 12:10 -------- d-------- C:\Program Files\NetMeeting
    2006-09-08 11:59 -------- d-------- C:\Program Files\Realtek Sound Manager
    2006-09-08 11:59 -------- d-------- C:\Program Files\Realtek AC97
    2006-09-08 11:59 -------- d-------- C:\Program Files\AvRack
    2006-09-08 11:58 -------- d-------- C:\Program Files\directx
    2006-09-08 11:51 -------- d-------- C:\Program Files\S3
    2006-09-08 11:49 -------- d-------- C:\Program Files\VIA
    2006-09-08 11:44 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-08 11:44 -------- d-------- C:\Documents and Settings\Géjanne\Application Data\Identities
    2006-09-08 11:36 0 -rahs---- C:\MSDOS.SYS
    2006-09-08 11:36 0 -rahs---- C:\IO.SYS
    2006-09-08 11:36 0 --a------ C:\CONFIG.SYS
    2006-09-08 11:36 0 --a------ C:\AUTOEXEC.BAT
    2006-09-08 11:36 -------- d-------- C:\Program Files\xerox
    2006-09-08 11:36 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-08 11:35 -------- d-------- C:\Program Files\Online Services
    2006-09-08 11:34 -------- d-------- C:\Program Files\Common Files\Services
    2006-09-08 11:34 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-09-08 11:33 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-08 11:32 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-08-25 16:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-21 13:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
    "VTTimer"="VTTimer.exe"
    "VTTrayp"="VTtrayp.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
      00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
      00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
    "Spyware Doctor"=""

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
    "Spyware Doctor"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061104-210148-100 O4 - Startup: Reboot.exe

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

    Completion time: 06-11-04 21:06:01.37
    C:\ComboFix.txt ... 06-11-04 21:06

    Logfile of HijackThis v1.99.1
    Scan saved at 21:07:26, on 4-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    E:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/scripts/common/index.main?signin=1&lang=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: PimpFish Basic Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: PimpFish Basic - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?d0542f8f99954f2fa382b61858ee61dc
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?d0542f8f99954f2fa382b61858ee61dc
    O8 - Extra context menu item: PimpFish Basic - Grab movies on this page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab pictures on this page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab pictures this page links to - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab Target File - C:\Program Files\PimpFish\GRABLINK.HTM
    O8 - Extra context menu item: PimpFish Basic - Grab This Picture - C:\Program Files\PimpFish\GRABPIC.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://supergees.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157803335902
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • The log looks good. Go to this website: http://www.virustotal.com/en/indexf.html
    Have the following file scanned: C:\sbgsyga.exe
    Post the result of the scan.
  • STATUS: FINISHED
    Complete scanning result of "sbgsyga.exe", received in VirusTotal at 11.04.2006, 21:34:40 (CET).

    Antivirus           Version         Update      Result
    AntiVir             7.2.0.37        11.03.2006  no virus found
    Authentium          4.93.8          11.04.2006  could be a corrupted executable file
    Avast               4.7.892.0       11.03.2006  no virus found
    AVG                 386             11.04.2006  no virus found
    BitDefender         7.2             11.04.2006  no virus found
    CAT-QuickHeal       8.00            11.04.2006  (Suspicious) - DNAScan
    ClamAV              devel-20060426  11.04.2006  no virus found
    DrWeb               4.33            11.04.2006  no virus found
    eTrust-InoculateIT  23.73.45        11.03.2006  no virus found
    eTrust-Vet          30.3.3176       11.03.2006  no virus found
    Ewido               4.0             11.04.2006  no virus found
    Fortinet            2.82.0.0        11.04.2006  no virus found
    F-Prot              3.16f           11.04.2006  no virus found
    F-Prot4             4.2.1.29        11.04.2006  no virus found
    Ikarus              0.2.65.0        11.03.2006  no virus found
    Kaspersky           4.0.2.24        11.04.2006  no virus found
    McAfee              4888            11.03.2006  no virus found
    Microsoft           1.1609          11.04.2006  no virus found
    NOD32v2             1.1853          11.03.2006  no virus found
    Norman              5.80.02         11.03.2006  no virus found
    Panda               9.0.0.4         11.04.2006  Suspicious file
    Sophos              4.10.0          10.26.2006  no virus found
    TheHacker           6.0.1.112       11.03.2006  no virus found
    UNA                 1.83            11.03.2006  no virus found
    VBA32               3.11.1          11.04.2006  no virus found
    VirusBuster         4.3.15:9        11.04.2006  no virus found

    Aditional Information
    File size: 10911 bytes
    MD5: 84ceb89c634115c702182b34c3e2d26a
  • If you don't know what it is, I would just delete sbgsyga.exe. Are there any remaining problems?
  • At first glance the machine seems to be running fine again, but I still cannot turn on the Windows firewall. I then get the message: "De instellingen van Windows Firewall kunnen door onbekende oorzaak niet worden weergegeven".
  • Download sharedaccess.reg (http://windowsxp.mvps.org/reg/sharedaccess.reg) and place the file on your desktop. Double-click sharedaccess.reg and allow the changes to be added to the registry. Restart the computer.
    Then go to Start - Run, type cmd and click OK. At the command prompt, type this command:
    NETSH FIREWALL RESET
    Now press Enter. Go to Control Panel - Software - Windows Firewall and check whether the firewall settings are now displayed.
    If that does not help, try solution 2 from here: http://users.telenet.be/marcvn/spyware/1465329.htm
  • Dear M@rc, thank you very much..... The machine is running like a sewing machine again !!!!!
  • Keep it that way. :wink:

This is an archived page. Replies are no longer possible.