Startup problem and log file

juisterr
16 replies
  • Hi, I have the following problem: when I start my PC, it boots up until my virus scanner has to start; this takes a few minutes, and until then the Windows firewall is not enabled either.

    I have already run numerous scanning programs over it, as well as CCleaner.

    Everything appears to be clean.

    I did find this trojan several times:

    Win32.Bifrose.aas, and I think it is in an update for Nero 7; at least, when I installed that update over Nero, Kaspersky detected it.

    HERE IS MY LOG FILE:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:00:15, on 13-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\HP_Eigenaar\Bureaublad\extra map Ben Crooijmans\hijackthislog\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


  • No trace of a virus.

    Since you have already run all sorts of things, please do the following.

    Download Combofix to your Desktop.
    * Double-click Combofix.exe.
    * Follow the instructions; accept the disclaimer by typing "y" or "Y".
    * While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore this.
  • HP_Eigenaar - 06-11-13 23:55:51,51 Service Pack 2
    ComboFix 06.11.9 - Running from: "C:\Documents and Settings\HP_Eigenaar\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))


    2006-11-12 23:31 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
    2006-11-11 14:00 774,144 --a------ C:\WINDOWS\system32\vsfilter.dll
    2006-11-11 14:00 679,936 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-11-11 14:00 421,888 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
    2006-11-11 14:00 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
    2006-10-29 23:16 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
    2006-10-25 19:50 892,928 --a------ C:\WINDOWS\system32\NCTAudioInformation.dll
    2006-10-25 19:50 274,432 --a------ C:\WINDOWS\system32\NCTAudioPlayer.dll
    2006-10-25 19:50 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
    2006-10-25 19:50 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
    2006-10-25 02:31 94,208 --------- C:\WINDOWS\system32\Msstkprp.dll
    2006-10-25 02:31 6,144 --------- C:\WINDOWS\system32\drivers\cinemsup.sys
    2006-10-25 02:31 45,056 --------- C:\WINDOWS\system32\Swcmcfg.dll
    2006-10-25 02:31 36,864 --------- C:\WINDOWS\system32\cinemres.dll
    2006-10-25 02:31 30,720 --------- C:\WINDOWS\system32\Cinmhook.dll
    2006-10-25 02:31 262,144 --------- C:\WINDOWS\system32\dvdpld32.dll
    2006-10-25 02:31 2,940,928 --------- C:\WINDOWS\system32\Cinmst32.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-13 00:46 -------- d-------- C:\Program Files\Microsoft AntiSpyware
    2006-11-13 00:12 -------- d-------- C:\Program Files\SpywareBlaster
    2006-11-13 00:03 -------- d-------- C:\Program Files\EMCO Malware Destroyer
    2006-11-12 23:43 -------- d-------- C:\Program Files\Registry Mechanic
    2006-11-12 23:06 -------- d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Ahead
    2006-11-12 21:18 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-11-12 16:27 -------- d-------- C:\Program Files\Banner Maker Pro for Flash
    2006-11-11 21:10 -------- d-------- C:\Program Files\DVD Shrink
    2006-11-11 21:09 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-11 16:50 -------- d-------- C:\Program Files\Nero
    2006-11-11 14:35 -------- d-------- C:\Program Files\Common Files
    2006-11-11 14:21 -------- d-------- C:\Program Files\Diskeeper Corporation
    2006-11-11 14:02 -------- d-------- C:\Program Files\Ahead
    2006-11-11 14:00 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-11-11 13:57 -------- d-------- C:\Program Files\CoverGet
    2006-10-29 23:16 -------- d-------- C:\Program Files\PIXresizer
    2006-10-29 15:32 -------- d---s---- C:\Documents and Settings\HP_Eigenaar\Application Data\Microsoft
    2006-10-29 15:21 -------- d-------- C:\Program Files\Microsoft Office
    2006-10-29 15:21 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-28 13:21 -------- d-------- C:\Program Files\NCH Swift Sound
    2006-10-27 16:49 -------- d-------- C:\Program Files\besweet
    2006-10-25 20:24 -------- d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\NCH Swift Sound
    2006-10-25 20:10 -------- d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\RecordPad
    2006-10-25 02:31 -------- d-------- C:\Program Files\Ravisent
    2006-10-25 02:31 -------- d-------- C:\Program Files\Common Files\Ravisent Shared
    2006-10-24 22:59 -------- d-------- C:\Program Files\SubRip
    2006-10-20 18:59 -------- d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Canon
    2006-10-17 18:56 -------- d-------- C:\Program Files\Maketorrent 2
    2006-10-12 18:12 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
    2006-10-12 18:12 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
    2006-09-13 06:07 1084416 --------- C:\WINDOWS\system32\msxml3.dll
    2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-08-25 16:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-22 23:31 5906432 --------- C:\WINDOWS\system32\ieframe.dll
    2006-08-22 23:31 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-08-22 23:31 457728 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-08-22 23:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-08-22 23:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-08-22 23:31 175616 --------- C:\WINDOWS\system32\ieui.dll
    2006-08-22 23:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
    2006-08-22 23:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-08-22 23:18 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-08-22 23:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-08-22 23:17 105472 --a------ C:\WINDOWS\system32\url.dll
    2006-08-22 23:17 100352 --a------ C:\WINDOWS\system32\occache.dll
    2006-08-22 23:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
    2006-08-22 23:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-08-22 23:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-08-22 23:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-08-22 23:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-08-22 23:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-08-22 23:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-08-22 23:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-08-22 23:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
    2006-08-22 23:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-08-22 23:11 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-08-22 23:10 61440 --------- C:\WINDOWS\system32\icardie.dll
    2006-08-22 23:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-08-22 23:09 262656 --------- C:\WINDOWS\system32\iertutil.dll
    2006-08-22 23:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-08-22 22:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-08-22 22:36 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-08-22 22:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-08-21 13:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
    "HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "AlcWzrd"="ALCWZRD.EXE"
    "OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=""

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-13 23:57:16.90
    C:\ComboFix.txt … 06-11-13 23:57
  • Logfile of HijackThis v1.99.1
    Scan saved at 0:00:58, on 14-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\HP_Eigenaar\Bureaublad\extra map Ben Crooijmans\hijackthislog\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


  • The HijackThis log is practically clean. Only the following line stands out as "nasty":

    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/

    So @home would like to remain your start page. :-?

    I have no experience with Combofix, though. Is it something like HijackThis?
    Who can tell me more about it?
  • Does tweak happen to be using the analyser? Don't go by that, because of the false positives.
    I do know about Combofix, so may I have a look at that first before you finish the fix for me??
  • No trace of the trojan you mention; let's use a scanner anyway, because who knows, it may be hiding.



    Download and install AVG Anti-Spyware.
    After installation, open AVG Anti-Spyware:
    * under "Status", click "Change state" next to "Resident shield". (change from active to inactive!)
    * under "Update", click the "Start update" button.
    * under "Scanner", tab "Settings":
      - under "How to act?", click "Recommended actions" and select "Quarantine". (VERY IMPORTANT!)
      - under "Reports", select "Automatically generate report after every scan" and uncheck "Only if threats were found"
    Close AVG Anti-Spyware. Do not let it scan yet.

    Boot into safe mode

    Start AVG Anti-Spyware.
    * Click "Scan" and choose "Complete System Scan".
    After the scan, follow the instructions below:
  • I didn't remove the @home line, by the way; I don't see what is wrong with @home as a start page :-?

    I did follow your steps for AVG,
    and here is the report:

    ———————————————————
    AVG Anti-Spyware - Scan Report
    ———————————————————

    + Created at: 23:10:53 15-11-2006

    + Scan result:



    C:\Program Files\SoftwareDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\BugDoctor.ico -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-09-13_00-14-11.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-09-19_00-41-19.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-11-11_21-02-17.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-11-12_12-11-57.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-11-12_21-03-47.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Program Files\SoftwareDoctor\ErrorDoctor\ignore.lst -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74DE36A-B95C-49A1-8F41-A09F3D187747} -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SoftwareDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SoftwareDoctor\ErrorDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SoftwareDoctor\ErrorDoctor\1.3 -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
    C:\Documents and Settings\HP_Eigenaar\Cookies\hp_eigenaar@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents and Settings\HP_Eigenaar\Cookies\hp_eigenaar@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    So AVG has made ErrorDoctor's scan program unusable,
    and it is regarded as adware :-?
    Is this a harmful program then? I've never had problems with it.

    But otherwise the problems have not been solved yet.
  • I must say I don't know the program at all; I'll look it up, but AVG doesn't tend to remove good things. You'll hear from me.

    Juisterr
  • Symantec considers it adware and spyware, and therefore junk. As far as I'm concerned it can simply go.

    And if you google softwaredoctor you will come across this:
    http://www.bleepingcomputer.com/startups/AgentSpyware-15569.html

    And then I'm certain it can go, so you can scan once more and then remove everything it finds.

    Please post a new log afterwards.

    Juisterr
  • Thanks for the info, but ErrorDoctor is already in quarantine :D Should I delete it permanently then?

    I'm scanning now, but it takes almost 2 hours, so the log will follow a bit later :D
  • The new AVG log

    ———————————————————
    AVG Anti-Spyware - Scan Report
    ———————————————————

    + Created at: 22:54:35 16-11-2006

    + Scan result:



    C:\Documents and Settings\HP_Eigenaar\Cookies\hp_eigenaar@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.


    ::Report end
  • That's good for a start; how are the problems now?
  • No, it didn't fix the problem :-?
  • Hmmm

    Download sophos-anti-rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
    Put it on your desktop.
    Double-click sarsfx.exe to extract the files. (accept the default installation folder)
    Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
    Make sure the following are checked:
    - Running processes
    - Windows Registry
    - Local Hard Drives
    Click the "Start Scan" button.

    When you get a message that the scan is finished, click the "OK" button and close the program.
    Go to Start - Run and type: %temp%\sarscan.log
    A Notepad file will open. Post the contents of this file.

    Thanks in advance
    Juisterr
  • Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
    Started logging on 19-11-2006 at 23:24:29
    Warning: Failed to flush drive \\.\C:. Registry scan may produce
    invalid results.
    Het proces heeft geen toegang tot het bestand omdat
    het bestand door een ander proces wordt gebruikt.
    Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40
    Stopped logging on 19-11-2006 at 23:29:46

This is an archived page. Replies are no longer possible.