Vraag & Antwoord

Beveiliging & privacy

HJT log, is er iets mis?

15 antwoorden
  • De laatste week start de pc langzamer op dan daarvoor. 3 a 4 min. Als Windows wordt geladen dan gaat de voortgangaanduiding nog prima na 5 maal start hij door maar dan duurt het langer. Als dan het bureaublad komt dan duurt het ook weer even voordat in de taakbalk naast de klok de icoontjes van AVG en ZA komen. AdAware, Spybot en Ewido gedraaid. Ik dacht dat bij Spybot of bij Ewido de melding kwam: Microsoft. WindowsSecurityCenter.AntiVirusOverride: Instellingen (Registerwijziging., nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SECURITY CENTER\AntiVirusOverride!=dword:0 Ik heb toen bovenaan het scherm op repareren geklikt, en daarna is het opstarten langzamer gegaan. Als ik nu in het register kijk dan is deze regel aanwezig met dword:0 In mijn logfiles Toepassing, Beveiliging en Systeem staan geen waarschuwingen of fouten. Indien de log schoon is moet ik dus verder gaan zoeken, services e.d. O ja. ik zie bij regel 016 iets staan met Housecall, in het verleden heb ik die wel eens gebruikt, kan die weg? Bij voorbaat dank! Logfile of HijackThis v1.99.1 Scan saved at 11:14:11, on 9-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Utility's\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ADSL Basis.lnk = ? O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100899834476 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.be/housecall/xscan53.cab O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5630/PageDive5.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5A659528-03FD-4B3B-9D9E-356358FF4D59}: NameServer = 194.109.104.104 194.109.6.66 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
  • Start HJT opnieuw en doe een systemscan only, vink onderstaande regel aan sluit alle vensters behalve HJT en klik op fix checked. [b:4e23e556b4]O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.be/housecall/xscan53.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/b:4e23e556b4] Start opnieuw op en maak een nieuw HJT logje aub. Vertel eens of je problemen al over zijn. J
  • Bedankt voor je reactie juisterr. Omdat het toch even duurde voordat een kenner zich meldde, maar ja het is natuurlijk wel weekend dus alle begrip, ben ik zelf ook verder op onderzoek uitgeweest. Ik had Microsoft Defender ruim 2 weken geleden geinstalleerd maar die er inmiddels weer afgegooid. Ik constateerde bij windows taakbeheer dat deze (MsMpEng.exe) wel heel erg vaak bezig was en 60% van de cpu gebruikte, dus daardoor ook veel vertraging. Ook heb ik in Msconfig een 3-tal taken uitgevinkt van progs die je ook handmatig kunt starten als je ze nodig hebt. Ook heb ik DrWebb weer gedraaid en na ruim 2 uur kwam die met de melding dat er niets was gevonden. Bij het opnieuw starten kon ik de tijd niet helemaal controleren want er kwam een melding dat eerst de schijfruimte op consistentie moest worden gecontroleerd. Gelukkig kwam de melding dat er geen problemen waren vastgesteld. Toch had ik het idee dat na het welkomscherm het wat sneller ging. Hierbij de nieuwe log: Logfile of HijackThis v1.99.1 Scan saved at 21:43:48, on 10-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Utility's\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ADSL Basis.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100899834476 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5630/PageDive5.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{5A659528-03FD-4B3B-9D9E-356358FF4D59}: NameServer = 194.109.104.104 194.109.6.66 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe juisterr bedankt tot zover, is er nog meer dan hoor ik dat graag.
  • Deze regel nog even fixen met hjt op de manier zoals eerder beschreven. [b:4cbc72e773]O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing)[/b:4cbc72e773] Gebruik je toevallig Hitmanpro ??? · [u:4cbc72e773]Clean de Cache and Cookies in [color=blue:4cbc72e773]IE[/color:4cbc72e773][/u:4cbc72e773]:[list:4cbc72e773][*:4cbc72e773][b:4cbc72e773]Sluit[/b:4cbc72e773] Internet Explorer. [*:4cbc72e773]Ga naar Configuratiescherm > Internet Opties > tab Algemeen [*:4cbc72e773]Klik de [b:4cbc72e773]Cookies verwijderen[/b:4cbc72e773] knop [*:4cbc72e773]Klik op de [b:4cbc72e773]Bestanden verwijderen[/b:4cbc72e773] knop ernaast [*:4cbc72e773][b:4cbc72e773]Vink aan[/b:4cbc72e773]: Ook alle off line items verwijderen, klik OK[/list:u:4cbc72e773]* [u:4cbc72e773]Clean de Cache and Cookies in [color=blue:4cbc72e773]Firefox[/color:4cbc72e773][/u:4cbc72e773] (In geval Firefox geïnstalleerd is):[list:4cbc72e773][*:4cbc72e773]Go to Extra > Opties. [*:4cbc72e773]Klik [b:4cbc72e773]Privacy[/b:4cbc72e773] in het menu. [*:4cbc72e773]Klik op de knop [b:4cbc72e773]Wissen[/b:4cbc72e773] (Geschiedenis, Cookies, Cache). [*:4cbc72e773]Klik OK om het venster opnieuw te sluiten.[/list:u:4cbc72e773] * [u:4cbc72e773]Clean [color=blue:4cbc72e773]andere Temporary files + Prullenbak[/color:4cbc72e773][/u:4cbc72e773][list:4cbc72e773][*:4cbc72e773]Ga naar Start > Uitvoeren en typ: [b:4cbc72e773]cleanmgr[/b:4cbc72e773] en klik ok. [*:4cbc72e773]Laat het je systeem scannen op bestanden die moeten verwijderd worden [*:4cbc72e773]Zorg er wel voor dat je daar [b:4cbc72e773]enkel[/b:4cbc72e773] maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt. [*:4cbc72e773]Klik daarna op OK.[/list:u:4cbc72e773] vertel eens hoe het nu gaat.??
  • juisterr ook ik had al geconstateerd dat eBay regel O9 er nog in stond en had nogmaals geprobeerd deze te verwijderen. Hoewel HJ zegt dat die hem heeft verwijderd staat hij er ook nu nog. (opnieuw opgestart en geen progs open, ra ra) Ik gebruik beslist geen Hitmanpro. Wel heb ik NAV gebruikt maar nu al bijna 2 jaar AVG. Toch zie ik nog 2 regels O16 staan met een Symantec verwijzing, kunnen die weg? Jij weet vast wel een andere manier om toch van de eBay af te komen. Het opstarten duurt nu 1 min. en 40 sec. prima lijkt me. Logfile of HijackThis v1.99.1 Scan saved at 22:17:37, on 10-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Utility's\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ADSL Basis.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100899834476 O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5630/PageDive5.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe Bedankt weer. Edit: toen ik cleanmgr draaide waren alle onderdelen op op 0kB.
  • Vink die regel nogmaals aan en fix hem. Ga met de verkenner zoeken naar. C:\Program Files\IrfanView\[b:dd434b8241]Ebay\Ebay.htm[/b:dd434b8241] en verwijder het dikgedrukte deel
  • Je verwijzing in Program Files is niet aanwezig, kon dus ook niets verwijderen. Met een zoekfunctie op eBay in de verkenner op C: kwam slechts 1 resultaat: eBayLocations.txt in C:\Program Files\HP\Photosmart Essential. In de nieuwe log is de eBay verwijzing in regel 09 dus weer aanwezig na een nieuwe scan. Het systeem werkt overigens weer redelijk, het is toch iets sneller geweest. Logfile of HijackThis v1.99.1 Scan saved at 9:57:46, on 11-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Utility's\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ADSL Basis.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100899834476 O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5630/PageDive5.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
  • Even wat proberen. Download [url=http://www.downloads.subratam.org/KillBox.exe][color=blue:28c26df5d3][b:28c26df5d3]KillBox![/b:28c26df5d3][/color:28c26df5d3][/url] naar je bureaublad. [b:28c26df5d3]Selecteer[/b:28c26df5d3] de onderstaande, vetgedrukte regels, door de linker muisknop ingedrukt te houden en van links boven naar rechts beneden te bewegen (het veld wordt blauw): [list:28c26df5d3][b:28c26df5d3] c:\program files\irfanview\ebay\ebay.htm c:\program files\irfanview\ebay\ [/b:28c26df5d3][/list:u:28c26df5d3] Klik met je rechtermuisknop in het blauwe veld en vervolgens op kopieeren [*] Start KillBox! door te dubbelklikken op het killbox icoontje [*] Open [b:28c26df5d3]options[/b:28c26df5d3] in het killbox menu en selecteer [b:28c26df5d3]auto parse[/b:28c26df5d3] [*] Open [b:28c26df5d3]file[/b:28c26df5d3] in het killboxmenu bovenaan en kies: [b:28c26df5d3]Paste from clipboard[/b:28c26df5d3] [*] [i:28c26df5d3]Het vetgedrukte, dat je hebt geselecteerd en gekopiëerd, zal nu verschijnen in het veld bij Full Path of File to Delete. (Controleer dit eventueel door te klikken op het pijltje naast dat veld) Files die niet (meer) bestaan worden door killbox niet weergegeven[/i:28c26df5d3] [*] kies de optie ('s) [b:28c26df5d3]Delete on reboot[/b:28c26df5d3] en [b:28c26df5d3]unregister dll's before deleting.[/b:28c26df5d3] [*] Klik op de knop [b:28c26df5d3]All files[/b:28c26df5d3]. [*] Klik op de rode cirkel met het wit kruisje erin. [*] Killbox! zal zeggen dat deze bestanden zullen verwijderd worden on reboot.. Klik YES [*] Wanneer Killbox! vraagt om nu te rebooten, klik je op YES. [*] [i:28c26df5d3]Als je volgende boodschap krijgt: PendingFileRenameOperations Registry Data has been Removed by External Process! dan zal je handmatig moeten herstarten.[/i:28c26df5d3][/list] Killbox zal nu je PC herstarten Verwijder na de herstart de map [b:28c26df5d3]C:\!Killbox[/b:28c26df5d3] Leeg daarna de prullenbak kijk eens of het nu weg is.
  • juisterr, killbox gedraaid en volgens de log zou de ebay.htm weg moeten zijn maar in de HJT log staat hij er gewoon weer ondanks dat ik hem ook nog gefixt heb na de scan only. In het register ben ik op zoek gegaan naar EF79EAC5 (een gedeelte van wat tussen {} staat bij regel 09 en die "sleutel" gevonden exact met de gegevens die daar ook staan. Ik heb deze sleutel toen verwijderd maar dat heeft schijnbaar ook niets opgeleverd. Wat nu? Ik kan overigens leven met de huidige situatie. Weer bedankt juisterr !!! Pocket Killbox version 2.0.0.648 Running on Windows XP as G. van den Broek(Administrator) was started @ maandag, december 11, 2006, 12:59 PM Killbox Closed(Exit) @ 1:00:17 PM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as G. van den Broek(Administrator) was started @ maandag, december 11, 2006, 1:00 PM Killbox Closed(Exit) @ 1:01:43 PM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as G. van den Broek(Administrator) was started @ maandag, december 11, 2006, 1:02 PM # 1 [Delete on Reboot] Path = c:\program files\irfanview\ebay\ebay.htm PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:24 PM Killbox Closed(Exit) @ 1:04:48 PM __________________________________________________ Logfile of HijackThis v1.99.1 Scan saved at 13:12:02, on 11-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\NOTEPAD.EXE C:\Utility's\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ADSL Basis.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100899834476 O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5630/PageDive5.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{5A659528-03FD-4B3B-9D9E-356358FF4D59}: NameServer = 194.109.104.104 194.109.6.66 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
  • Geconstateerd dat killbox maar 1 regel had gekild. Ik heb nu ook de nadere regel laten killen, zie onderste gedeelte van de log. Na herstart krijg ik de betreffende regel toch weer in een nieuwe HJT log. Pocket Killbox version 2.0.0.648 Running on Windows XP as G. van den Broek(Administrator) was started @ maandag, december 11, 2006, 12:59 PM Killbox Closed(Exit) @ 1:00:17 PM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as G. van den Broek(Administrator) was started @ maandag, december 11, 2006, 1:00 PM Killbox Closed(Exit) @ 1:01:43 PM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as G. van den Broek(Administrator) was started @ maandag, december 11, 2006, 1:02 PM # 1 [Delete on Reboot] Path = c:\program files\irfanview\ebay\ebay.htm PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:24 PM Killbox Closed(Exit) @ 1:04:48 PM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as G. van den Broek(Administrator) was started @ maandag, december 11, 2006, 1:25 PM # 1 [Delete on Reboot] Path = c:\program files\irfanview\ebay\ PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:26:24 PM Killbox Closed(Exit) @ 1:26:36 PM Het forum is wel pokke traag zeg, dit bericht uploaden duurde zeker 1 min na inactiviteit van 50 sec.__________________________________
  • Ja dit forum is nogal traag, druk bezocht he. Nog 1 poging. Download [url=http://download.bleepingcomputer.com/sUBs/combofix.exe][b:6b51ea6554]Combofix[/b:6b51ea6554][/url] naar je Bureaublad.[list:6b51ea6554] Dubbelklik [b:6b51ea6554]Combofix.exe[/b:6b51ea6554] Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen. Tijdens het runnen van de fix, [b:6b51ea6554]NIET[/b:6b51ea6554] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:6b51ea6554] Wanneer de fix voltooid is en na herstart, zal de log [b:6b51ea6554]combofix.txt[/b:6b51ea6554] openen. [i:6b51ea6554]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:6b51ea6554] NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • En hier dan de beide logs, ik hoop dat je toch nog iets vindt. G. van den Broek - 06-12-11 14:11:38,46 Service Pack 2 ComboFix 06.11.27W - Running from: "C:\Documents and Settings\G. van den Broek\Bureaublad" ((((((((((((((((((((((((((((((( Files Created from 2006-11-11 to 2006-12-11 )))))))))))))))))))))))))))))))))) 2006-12-11 12:44 <DIR> d-------- C:\Program Files\RegVac Registry Cleaner 2006-12-09 22:51 <DIR> d--hs---- C:\Config.Msi 2006-12-09 22:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2006-12-09 22:35 <DIR> dr-h----- C:\Documents and Settings\G. van den Broek\Onlangs geopend 2006-11-29 13:33 <DIR> d-------- C:\Program Files\Hema Album Software Advanced 2006-11-17 22:20 <DIR> d-------- C:\WINDOWS\All Users\Application Data\Easy Computing 2006-11-17 22:16 30,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys 2006-11-17 22:16 249,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys 2006-11-17 22:16 <DIR> d-------- C:\Program Files\Common Files\Easy Computing 2006-11-13 23:16 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys 2006-11-13 23:16 18,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-17 22:16 96320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys 2006-11-13 23:16 816672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys 2006-11-13 23:16 4960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys 2006-11-13 23:16 4224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys 2006-11-13 23:16 28416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys 2006-11-08 20:54 -------- d-------- C:\Program Files\My Book 2006-11-06 13:06 -------- d-------- C:\Program Files\Western Digital Technologies 2006-10-13 13:41 144384 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll 2006-09-13 07:07 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" "TrueImageMonitor.exe"="C:\\Program Files\\Easy Computing\\TrueImage\\TrueImageMonitor.exe" "SystemTray"="SysTray.Exe" "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\"" "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe" "CTHelper"="CTHELPER.EXE" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled] "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Mijn huidige introductiepagina" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,dd,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "NoSaveSettings"=hex:00,00,00,00 "NoStartBanner"=hex:01,00,00,00 "CDRAutoRun"=hex:00,00,00,00 "NoDrives"=hex:02,00,00,00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 "NoSaveSettings"=hex:00,00,00,00 "NoStartBanner"=hex:01,00,00,00 "CDRAutoRun"=hex:00,00,00,00 "NoDrives"=hex:00,00,00,00 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 "NoSaveSettings"=hex:00,00,00,00 "NoStartBanner"=hex:01,00,00,00 "CDRAutoRun"=hex:00,00,00,00 "NoDrives"=hex:00,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "Exif Initializer Ver.1.0"="C:\\Program Files\\FUJIFILM\\Exif Initializer Ver.1.0\\EXIFINIT.EXE" "QuickTime Task"=" " "nwiz"="nwiz.exe /install" "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "PLoader"="c:\\program files\\umsd tools2.33\\umsd.exe sys_auto_run C:\\Program Files\\UMSD Tools2.33" "UFD Utility9382"="c:\\Program Files\\USB FlashDisk\\UFD Utility 2003\\UFDTool.exe" "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" "anvshell"="anvshell.exe" "AudioHQ"=" " "Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe" "Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" "StillImageMonitor"="C:\\WINDOWS\\SYSTEM32\\STIMON.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM32\\nvcpl.dll,NvStartup" "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon" "UFD Monitor9382"="c:\\Program Files\\USB FlashDisk\\UFD Utility 2003\\ufdlmon.exe" "ccApp"=" " "HPDJ Taskbar Utility"="C:\\WINDOWS\\SYSTEM32\\hpztsb04.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^WINDOWS^All Users^Start Menu^Programs^StartUp^Adobe Gamma Loader.lnk] "path"=" " "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma Loader" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^WINDOWS^All Users^Start Menu^Programs^StartUp^Adobe Reader Snelle start.lnk] "path"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp\\Adobe Reader Snelle start.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Snelle start" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^WINDOWS^All Users^Start Menu^Programs^StartUp^CAMEDIA Master.lnk] "path"=" " "backup"="C:\\WINDOWS\\pss\\CAMEDIA Master.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Olympus\\CAMEDI~1.1\\CM_CAM~1.EXE " "item"="CAMEDIA Master" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^WINDOWS^All Users^Start Menu^Programs^StartUp^WD Backup Monitor.lnk] "path"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp\\WD Backup Monitor.lnk" "backup"="C:\\WINDOWS\\pss\\WD Backup Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MYBOOK~1\\WDBACK~1\\UBBMON~1.EXE " "item"="WD Backup Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"=" " "hkey"="HKLM" "command"=" " "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtraFilmHemmaAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Agent" "hkey"="HKLM" "command"="C:\\Program Files\\Blokker Bestelsoftware\\Agent.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWuSchd2" "hkey"="HKLM" "command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SandraTheSrv"=dword:00000003 "SandraDataSrv"=dword:00000003 "iPodService"=dword:00000003 "InCDsrv"=dword:00000003 "ewido anti-spyware 4.0 guard"=dword:00000002 "ose"=dword:00000003 "IDriverT"=dword:00000003 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20061211-130938-827 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20061211-095445-458 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20061211-094623-956 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20061211-094456-265 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20061210-221710-210 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20061210-220449-509 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20061210-213818-583 O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab backup-20061210-213818-324 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.be/housecall/xscan53.cab backup-20061210-213817-490 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20060903-193716-242 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20060903-191028-635 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20060903-184908-319 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20060903-153700-954 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) backup-20060903-153700-174 O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL backup-20060903-153700-772 O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL backup-20060903-153700-211 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) backup-20060830-174159-352 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Meldingsbericht bij belangrijke updates voor Windows.job Completion time: 06-12-11 14:14:01.20 C:\ComboFix.txt ... 06-12-11 14:14 Logfile of HijackThis v1.99.1 Scan saved at 14:19:41, on 11-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Utility's\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ADSL Basis.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100899834476 O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5630/PageDive5.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{5A659528-03FD-4B3B-9D9E-356358FF4D59}: NameServer = 194.109.104.104 194.109.6.66 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
  • juisterr ik ben er even 2 uurtjes tussenuit, tot daarna.
  • Na het de-installeren van Irfanview, herstarten en Irfanview versie 399 er weer op te zetten is de verwijzing in de HJT log verdwenen. Dus juisterr als je in m'n vorige bericht geen gekke dingen ziet dan mag deze op slot. De snelheid is weer in orde, ook na het draaien van RegVac Register Cleaner die 385 meldingen vond en heeft verwijderd. Terwijl ik toch ook alRegScrubXP en TweakNow RegCleaner Std had gedraaid. juisterr bedankt voor al je moeite!!!
  • Totaal geen moeite hoor, ik doe het graag. Juisterr

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.