Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Verwijderen van een aantal hardnekkige *.exe programma's

None
18 antwoorden
  • Hallo,

    Ik heb een aantal *.exe programma's op mijn computer staan, die ik op tot nu toe niet op een normale manier heb kunnen verwijderen. Deze programma's, behalve CTFMON.EXE als systeem/Windows-programma, heb ik van de computer verwijderd en zij blijven als opstartprogramma
    elke keer weer terugkomen.

    Het gaat om de volgende bestanden:

    - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
    O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
    O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray

    Verder heb ik volgens AVG-AntiSpyware last van het volgende spyware: Adware.Screensavers

    Voor de rest is mijn computer volgens mij hartstikke schoon van virussen, spyware en andere troep. Wie zou mij willen helpen bij dit probleem.

    Bijgaand Hijackthis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:49:32, on 26-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Eset
    od32kui.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F}} - (no file)
    O2 - BHO: (no name) - {7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
    O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
    O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com
    esources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com
    esource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe







  • Hi

    Probeer eerst eens het gratis zeer behulpzame progje "Unlocker" te installeren.

    Unlocker:
    http://www.computertotaal.nl/web/show/id=815087/contentid=66600

    Ik laat het zelfs mee opstarten.
    Zodra je een programma verwijdert die meldt programma kan niet… komt het te hulp en zal de lopende progs uitschakelen.

    Kijk ook eens of ze ergens geactiveerd staan bij Services.

    Start>uitvoeren>services.msc klik daar rechts op het eventuele programma.
    >eigenschappen>en plaats uitgeschakeld
    Probeer daarna te verwijderen.

    Laat eens het gratis prog A-squared en/of Spybot draaien en verwijder desnoods in Safe Mode (opstarten F8 )

    [b:e253966f99][/b:e253966f99]
  • Van alles geprobeerd, onder Services zijn ze niet geactiveerd. Deze programma's waren al verwijderd, dus Unlocker functioneert op deze manier ook niet (wel geinstalleerd).

    Het probleem is dat de opstartsoftware ontbreekt volgens CCleaner. Als beveiliging en onderhoud van mijn computer (Windows XP Pro SP2) heb ik op dit moment de volgende progs: Ad-Aware SE, a-squared Security Center, ATF-Cleaner, Autoruns, AVG ARK, AVG ASW, CCleaner, COMODO Firewall Pro, Dr.Web-cureit, EasyCleaner, HijackThis, Hitman Pro (CWShredder, ewido_micro, Spybot S&D, Spyware Blaster), NOD32, Prevx1, Registry Mechanic, Windows Defender en WinPatrol.

    Ook in de veilige modus zijn ze met geen mogelijkheid te verwijderen (voor even wel, maar daarna zijn ze weer terug). Via Regedit de boel handmatig geprobeerd te verwijderen, maar helaas pindakaas. Wat blijft daar in het register trouwens een troep achter, ondanks de register cleaners.

    Heb je nog andere opties voor dit probleem?
  • zoeken met google: remove on reboot
  • Nog steeds geen resultaat. Voor alle duidelijkheid: deze programma's zijn van mijn computer verwijderd en staan er ook niet meer op, alleen zij blijven als auto startup program terugkomen.

    Een klein gedeelte uit een HJT-log:

    [b:0047e67cc8]Autorun entries from Registry:[/b:0047e67cc8]

    [b:0047e67cc8]HKLM\Software\Microsoft\Windows\CurrentVersion\Run[/b:0047e67cc8]

    WinPatrol = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    nod32kui = "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

  • Hi

    Wat een reeks beveiligingsprogrammas dat je daar hebt.
    Zo veel.
    Het ziet ernaar uit dat je volgens mij toch beter een herinstallatie doet.
    Of misschien eerst een system restore.

    [quote:80b74c0f70]
    Wat blijft daar in het register trouwens een troep achter, ondanks de register cleaners. [/quote:80b74c0f70]

    Na vele progjes te hebben getest lijkt mij "Regseeker" (reeds geruime tijd)
    Heel betrouwnaar zonder ooit maar één fout te hebben geregistreerd.

    http://www.hoverdesk.net/freeware.htm

    ————————————————————————-
  • Doggy,


    Schakel eerst Ad-Watch uit, anders worden alle register veranderingen weer terug gedraaid.

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:69868285d3]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F}} - (no file)
    O2 - BHO: (no name) - {7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F} - (no file)
    [/b:69868285d3]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.

    start opnieuw op en plaats een nieuw HJT logje aub.
  • Hallo Juisterr,

    Ik heb jouw advies uitgevoerd, hieronder nieuw geplaatst een HJT-log.

    Vraag: herstelt Ad-Watch inderdaad alle registerwijzigingen of slechts een aantal. Mijn computer wordt nl. na 1 keer schoonmaken van het register door 3 of 4 verschillende programma's een stukken sneller zonder problemen (behalve dan die zogenaamde opstartprogramma's).

    HJT-log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:53:17, on 28-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Eset
    od32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com
    esources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com
    esource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

    Antigua bedankt voor jouw advies, maar jouw advies lijkt mij (voorlopig niet) voldoende, eerder een laatste redmiddel. In ieder geval bedankt.







  • Hallo Juisterr,

    Ik heb jouw advies uitgevoerd, hieronder nieuw geplaatst een HJT-log.
  • [quote:e279fbac11="Doggy94"]Hallo Juisterr,

    Ik heb jouw advies uitgevoerd, hieronder nieuw geplaatst een HJT-log (tussentijds verwijderd, zie volgende regel).
  • Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:b5c246b2dc]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    [/b:b5c246b2dc]
    Klik op 'Fix checked' om de items te verwijderen.


    1. Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:b5c246b2dc]Select All[/b:b5c246b2dc].
    Klik op de knop [b:b5c246b2dc]Empty Selected[/b:b5c246b2dc].

    Het volgende doen als je ook FireFox als browser hebt:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:b5c246b2dc]Select All[/b:b5c246b2dc].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:b5c246b2dc]Empty Selected[/b:b5c246b2dc].

    Het volgende doen als je ook Opera als browser hebt:
    Klik op tabblad "Opera", plaats een vinkje bij [b:b5c246b2dc]Select All[/b:b5c246b2dc].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:b5c246b2dc]Empty Selected[/b:b5c246b2dc].
    Ga naar het tabblad "Main" en klik op de knop [b:b5c246b2dc]Exit[/b:b5c246b2dc] om het programma af te sluiten.

    2. Download [b:b5c246b2dc]Dr.Web CureIt[/b:b5c246b2dc] naar je bureaublad:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start de computer in veilige modus.

    4. Dubbelklik [b:b5c246b2dc]drweb-cureit.exe[/b:b5c246b2dc] en sta het toe om de express scan te starten.
    Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    Eenmaal de korte scan is beeïndigd, Klik [b:b5c246b2dc]Options[/b:b5c246b2dc] > Change Settings
    Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
    Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    Klik daarna de [b:b5c246b2dc]groene pijl[/b:b5c246b2dc] rechts om de scan te starten.
    Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
    Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:b5c246b2dc]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:b5c246b2dc]
    Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:b5c246b2dc]Move incurable[/b:b5c246b2dc] zoals je zal zien in volgende afbeelding:
    [img:b5c246b2dc]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:b5c246b2dc]
    Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
    Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:b5c246b2dc]file[/b:b5c246b2dc] en kies [b:b5c246b2dc]save report list[/b:b5c246b2dc]. Bewaar de log op je bureaublad.
    Sluit daarna Dr.Web Cureit.

    5. [b:b5c246b2dc]Herstart[/b:b5c246b2dc] je computer in normale modus!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
    Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post tesamen met een logje van Hijackthis
  • Alles uitgevoerd, zoals gevraagd. Dr.Web CureIt heeft niks kunnen vinden, ik kon dus geen log kopieren.

    Bijgevoegd: HJT-log en het resultaat van een AVG-ASW scan

    Logfile of HijackThis v1.99.1
    Scan saved at 21:28:00, on 29-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Eset
    od32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Live Mail desktop\wlmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com
    esources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com
    esource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

    AVG-ASW:

    Origin:

    HKLM\SYSTEM\ControlSet003\Control\Video\{0A4C146C-EC17-42F2-85A7-23C2E8EA6BA6}\0000\\_nhl2005.exeD3DOGL_67207556

    Infected with:

    Adware.Screensavers







  • je logje ziet er schoon uit, nog problemen?
  • [quote:863be1e8ba="juisterr"]je logje ziet er schoon uit, nog problemen?[/quote:863be1e8ba]

    Alleen AVG-ASW vindt nog de volgende infectie: Adware.Screensavers

    Deze staat in:

    HKLM\SYSTEM\ControlSet003\Control\Video\{0A4C146C-EC17-42F2-85A7-23C2E8EA6BA6}\0000\\_nhl2005.exe:D3DOGL_67207556

    Delete, Delete on reboot en in Quarantine zetten lukt allemaal, maar na een herstart is die weer terug.

    Voor de zekerheid een nieuwe HJT-log:
    Logfile of HijackThis v1.99.1
    Scan saved at 16:54:04, on 30-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Eset
    od32kui.exe
    C:\Program Files\Windows Live Mail desktop\wlmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com
    esources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com
    esource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe







  • http://www.eldevice.net/upload/RPT_0001.HTM


    komt hier vandaan.


    Download [b:c82db3e58a]Combofix[/b:c82db3e58a] naar je Bureaublad.
    Dubbelklik [b:c82db3e58a]Combofix.exe[/b:c82db3e58a]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:c82db3e58a]NIET[/b:c82db3e58a] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:c82db3e58a]combofix.txt[/b:c82db3e58a] openen.
    Plaats dit log in je volgende post samen met een nieuw HijackThis log.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • "Mark" - 2007-05-30 22:53:14 Service Pack 2
    ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Mark\Bureaublad\Beveiliging Onderhoud\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))


    2007-05-30 22:42 <DIR> dr-h—– C:\Documents and Settings\Mark\Onlangs geopend
    2007-05-30 22:42 <DIR> dr-h—– C:\DOCUME~1\Mark\Onlangs geopend
    2007-05-30 00:04 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1
    View_Profiles
    2007-05-29 01:24 49,152 –a—— C:\WINDOWS
    ircmd.exe
    2007-05-29 01:08 <DIR> d——– C:\SiteAdvisor
    2007-05-29 01:08 <DIR> d——– C:\McAfee
    2007-05-27 12:18 <DIR> d——– C:\Program Files\Remove on Reboot
    2007-05-26 21:57 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Arovax
    2007-05-25 08:26 <DIR> d——– C:\Program Files\ZSoft
    2007-05-23 14:27 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\Comodo
    2007-05-23 14:27 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    2007-05-23 14:19 <DIR> d——– C:\Program Files\Comodo
    2007-05-23 01:23 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\GlarySoft
    2007-05-22 00:32 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\Prevx
    2007-05-22 00:32 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2007-05-22 00:30 77,312 –a—— C:\WINDOWS\ua2.dll
    2007-05-20 17:06 93,792 –a—— C:\WINDOWS\system32\prfc0413.dat
    2007-05-20 17:06 497,420 –a—— C:\WINDOWS\system32\prfh0413.dat
    2007-05-19 22:19 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\Regrun
    2007-05-19 21:58 29,612 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-05-19 21:58 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-05-19 17:38 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\Uniblue
    2007-05-18 21:08 <DIR> dr——- C:\DOCUME~1\LOCALS~1\Mijn documenten
    2007-05-17 09:53 <DIR> d——– C:\Program Files\a-squared Anti-Malware
    2007-05-17 09:05 <DIR> dr——- C:\DOCUME~1\LOCALS~1\Favorieten
    2007-05-16 21:16 <DIR> d——– C:\Documents and Settings\Mark\DoctorWeb
    2007-05-16 21:16 <DIR> d——– C:\DOCUME~1\Mark\DoctorWeb
    2007-05-11 14:34 <DIR> d——– C:\Program Files\Mgtweak
    2007-05-11 14:31 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy Pro
    2007-05-11 14:30 87,608 –a—— C:\DOCUME~1\Mark\APPLIC~1\inst.exe
    2007-05-11 14:30 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-05-11 14:30 47,360 –a—— C:\DOCUME~1\Mark\APPLIC~1\pcouffin.sys
    2007-05-11 14:30 <DIR> d——– C:\Program Files\LG Software Innovations
    2007-05-11 14:30 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\Vso
    2007-04-25 20:57 <DIR> d——– C:\Program Files\BinarySense
    2007-04-25 20:57 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\BinarySense
    2007-04-24 00:58 <DIR> d——– C:\Program Files\BySoft FreeRAM
    2007-04-24 00:30 <DIR> d——– C:\Program Files\Realtek AC97
    2007-04-19 10:25 <DIR> d——– C:\DOCUME~1\Claudia\APPLIC~1\SiteAdvisor
    2007-04-17 11:09 <DIR> d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
    2007-04-17 11:08 <DIR> d——– C:\Program Files\SiteAdvisor
    2007-04-17 11:08 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\SiteAdvisor
    2007-04-17 11:08 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
    2007-04-17 00:09 3,968 –a—— C:\WINDOWS\system32\drivers\AvgArCln.sys
    2007-04-09 23:13 <DIR> d——– C:\DOCUME~1\Mark\APPLIC~1\DVD Flick
    2007-04-01 21:08 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-04-01 21:08 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-04-01 21:08 15,424 –a—— C:\WINDOWS\system32\drivers
    od32drv.sys
    2007-04-01 01:26 <DIR> dr-h—– C:\DOCUME~1\LOCALS~1\Onlangs geopend
    2007-04-01 00:06 <DIR> d——– C:\Program Files\Microsoft Bootvis
    2007-04-01 00:01 <DIR> d——– C:\Program Files\ClearType Tuner


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-30 17:13:28 ——– d—–w C:\Program Files\Hitman Pro
    2007-05-30 16:49:26 ——– d—–w C:\Program Files\SpywareBlaster
    2007-05-26 23:18:15 ——– d—–w C:\Program Files\QuickTime
    2007-05-26 19:23:33 ——– d—–w C:\Program Files\DAP
    2007-05-23 11:37:28 4,212 —h–w C:\WINDOWS\system32\zllictbl.dat
    2007-05-23 00:18:55 ——– d—–w C:\Program Files\Driver Magician
    2007-05-23 00:18:29 ——– d—–w C:\Program Files\Eraser
    2007-05-23 00:17:16 ——– d—–w C:\Program Files\WhatsRunning
    2007-05-22 00:07:34 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-05-15 19:17:41 ——– d—–w C:\Program Files\Documents and Settings
    2007-05-11 11:41:34 ——– d—–w C:\Program Files\Rainlendar
    2007-05-08 21:23:25 ——– d—–w C:\Program Files\GrabIt
    2007-04-18 19:23:46 ——– d—–w C:\Program Files\LimeWire
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-10 17:42:57 ——– d—–w C:\Program Files\Ubisoft
    2007-04-10 17:41:38 ——– d—–w C:\DOCUME~1\Mark\APPLIC~1\Gearbox Software
    2007-04-09 23:37:57 ——– d—–w C:\DOCUME~1\Mark\APPLIC~1\AdobeUM
    2007-03-31 22:34:14 93,792 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-31 22:34:14 497,420 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-31 21:47:33 ——– d—–w C:\Program Files\Windows Installer Clean Up
    2007-03-31 21:46:53 ——– d—–w C:\Program Files\MSECACHE
    2007-03-31 21:40:17 ——– d—–w C:\DOCUME~1\Mark\APPLIC~1\Windows Desktop Search
    2007-03-31 21:39:02 ——– d—–w C:\Program Files\Windows Desktop Search
    2007-03-31 15:21:09 ——– d—–w C:\DOCUME~1\Mark\APPLIC~1\DVD Shrink 3.0
    2007-03-20 13:17:25 0 —-a-w C:\WINDOWS\system32\SBRC.dat
    2007-03-20 13:17:25 0 —-a-w C:\WINDOWS\system32\SBFC.dat
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {55EA1964-F5E4-4D6A-B9B2-125B37655FCB}=C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll [2006-01-10 12:09]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "nod32kui"="C:\Program Files\Eset
    od32kui.exe" [2007-05-14 06:25]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 18:29]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 19:33]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-25 20:24]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\autorun.exe

    *Newly Created Service* -PROCEXP90

    Contents of the 'Scheduled Tasks' folder
    2007-05-30 20:46:55 C:\WINDOWS\tasks\MP Scheduled Scan.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-30 22:56:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-30 22:57:45
    C:\ComboFix-quarantined-files.txt … 2007-05-30 22:57
    C:\ComboFix2.txt … 2007-05-29 01:24

    — E O F —


    Logfile of HijackThis v1.99.1
    Scan saved at 23:08:08, on 30-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Eset
    od32kui.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com
    esources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com
    esource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe











  • Ik zie toch geen directe bedreigingen dacht ik, hoe gaat het nu ?
  • [quote:36ef066c80="juisterr"]Ik zie toch geen directe bedreigingen dacht ik, hoe gaat het nu ?[/quote:36ef066c80]

    Geen problemen meer. Als ik het goed begrijp, is Adware.Screensavers geen directe bedreiging. Mijn hartelijke dank voor de gedane moeite.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.