Generic2

16 answers
  • Hello, after a scan with AVG we get the message that we have the Generic2.IFU trojan. But AVG itself cannot do anything about it. I think this PC has a few more small problems, but for now this is the most annoying one. Would someone be willing to look at our log? Many thanks in advance!

    Logfile of HijackThis v1.99.1
    Scan saved at 17:04:33, on 2/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\locator.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\soft602\pdfSaver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\MFP Server Utilities\ServoAp.exe
    C:\Program Files\MFP Server Utilities\MFPAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Wireless LAN Utility\SISCFG.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\jmbwtktr.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7DB97675-2E07-468A-88B3-C5F381CC5896} - C:\WINDOWS\AppPatch\piofnt.dll
    O2 - BHO: (no name) - {918F8FC9-3671-4DFE-B780-CECE0FF92C22} - C:\WINDOWS\system32\osrmgnjj.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\yqfrgvhl.dll",realset
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/91c8ce91274ff3151f4b4cfacf48150c_35.exe
    O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/axload.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
    O16 - DPF: {16A7470E-229C-45F9-AE05-A87034FD14CF} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.2.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.thedownload.biz/on_the_fly_web_install/Install.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8B936702-C234-40D0-B69C-A2F669A33978} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_7_EN_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
    O20 - Winlogon Notify: piofnt - C:\WINDOWS\AppPatch\piofnt.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winisd32 - winisd32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
  • Click Start -> (Settings) -> Control Panel -> Add/Remove Programs and remove the following program:
    SpywareStormer

    Install hijackthis.exe in, for example, C:\Program Files\Hijackthis. This is because of the backups this program makes.

    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
    Double-click Combofix.exe
    Follow the instructions; accept the disclaimer by typing 1 (continue).
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open. Post this log in your next reply together with a new HijackThis log.
    Note: if your virus scanner reacts with a message about a script being executed, you may ignore it.

    Download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip). Unzip the program into C:\BFU
    Right-click HERE (http://metallica.geekstogo.com/EGDACCESS.bfu) and choose "Save As ..". Save this in C:\BFU as well.
    Start the computer in SAFE MODE (http://users.telenet.be/marcvn/spyware/1378056.htm)
    Start the program BFU.exe
    In the input field, enter the following: C:\BFU\EGDACCESS.bfu
    Then click Execute and wait until the program is finished.
    Then click OK and click Exit to close the program.
    Restart the computer in normal mode and post the contents of C:\egd.txt.
    (We are looking for a "random startup"="random.exe -start" that EGDACCESS_????.DLL keeps hidden from hijackthis. The random.exe must first be stopped before it can be removed from the registry.)

    Start Hijackthis and choose 'Do a system scan only'
    Select only the items listed below:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: (no name) - {7DB97675-2E07-468A-88B3-C5F381CC5896} - C:\WINDOWS\AppPatch\piofnt.dll
    O2 - BHO: (no name) - {918F8FC9-3671-4DFE-B780-CECE0FF92C22} - C:\WINDOWS\system32\osrmgnjj.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/91c8ce91274ff3151f4b4cfacf48150c_35.exe
    O16 - DPF: {16A7470E-229C-45F9-AE05-A87034FD14CF} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.2.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.thedownload.biz/on_the_fly_web_install/Install.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {8B936702-C234-40D0-B69C-A2F669A33978} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_7_EN_XP.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
    O20 - Winlogon Notify: piofnt - C:\WINDOWS\AppPatch\piofnt.dll
    O20 - Winlogon Notify: winisd32 - winisd32.dll (file missing)
    Close all windows except Hijackthis
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options...
    Under View, check the following settings:
    Uncheck: Hide protected operating system files (recommended)
    Uncheck: Hide extensions for known file types
    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders
    Delete the following files:
    C:\WINDOWS\AppPatch\piofnt.dll
    C:\WINDOWS\system32\osrmgnjj.dll
    Please post the results of the fixes and a new HJT log.
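The helper's selection above follows a recognisable pattern: unnamed or orphaned O2 BHOs, O4 autoruns that live in a user profile or are launched through rundll32 with a randomly named DLL, O16 ActiveX downloads from hosts nobody recognises, and O20 Winlogon Notify DLLs that are not the expected WgaLogon entry. The script below is an added example, not code from this thread or from the HijackThis project: a small Python triage tool that parses HijackThis v1.99.1 lines and flags exactly those categories. The sample input is constructed from lines in the logs above; the allowlists and the random-name heuristic are illustrative assumptions, so the result is a worklist for a human reviewer, not a verdict.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample input: HijackThis v1.99.1 lines copied from the logs in
# this thread, plus the benign Adobe, AVG and WgaLogon lines for contrast.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7DB97675-2E07-468A-88B3-C5F381CC5896} - C:\WINDOWS\AppPatch\piofnt.dll
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\yqfrgvhl.dll",realset
O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: piofnt - C:\WINDOWS\AppPatch\piofnt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winisd32 - winisd32.dll (file missing)
"""

# Assumption: illustrative allowlists only; a real triage tool would maintain
# these from vendor documentation rather than hard-code two entries.
TRUSTED_DPF_HOSTS = {"fpdownload.adobe.com", "messenger.msn.com"}
EXPECTED_WINLOGON_NOTIFY = {"wgalogon"}

# Every HijackThis entry starts with a section code such as R0, O2, O16.
SECTION_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def basename(path: str) -> str:
    """Last component of a Windows path, surrounding quotes stripped."""
    return path.strip('"').rstrip("\\").rsplit("\\", 1)[-1]


def looks_random(filename: str) -> bool:
    """Heuristic: a lowercase, letters-only stem of 6-9 chars with almost no
    vowels (yqfrgvhl, osrmgnjj, jmbwtktr) is typical of generated names."""
    stem = filename.rsplit(".", 1)[0]
    if not (stem.isalpha() and stem.islower() and 6 <= len(stem) <= 9):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.15


def check_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O2":
        # BHO: <name> - {CLSID} - <path>; a BHO is loaded into every IE process.
        if body.endswith("(no file)"):
            return Finding(sec, "orphaned BHO registration (no file)", line)
        if body.startswith("BHO: (no name)"):
            return Finding(sec, "unnamed BHO loading into every IE process", line)
    elif sec == "O4":
        target = body.split(":", 1)[1] if ":" in body else body  # after "HKLM\..\Run:"
        low = target.lower()
        if "local settings\\application data" in low or "\\documents and settings\\" in low:
            return Finding(sec, "autorun from a user-profile directory", line)
        if "rundll32" in low:
            dll = re.search(r'"?([^"\s]+\.dll)', target, re.I)
            if dll and looks_random(basename(dll.group(1))):
                return Finding(sec, "rundll32 autorun of a randomly named DLL", line)
    elif sec == "O16":
        # DPF: {CLSID} [(name)] - <URL>; an ActiveX control fetched from the web.
        host = urlsplit(body.rsplit(" - ", 1)[-1]).hostname or ""
        if host not in TRUSTED_DPF_HOSTS:
            return Finding(sec, f"ActiveX download (DPF) from unrecognised host {host}", line)
    elif sec == "O20":
        # Winlogon Notify: <key> - <dll>; these DLLs execute inside winlogon.exe.
        if "(file missing)" in body:
            return Finding(sec, "Winlogon Notify entry whose DLL is missing", line)
        key = body.split(":", 1)[1].split(" - ")[0].strip()
        if key.lower() not in EXPECTED_WINLOGON_NOTIFY:
            return Finding(sec, "unexpected Winlogon Notify DLL (runs inside winlogon.exe)", line)
    return None


def analyze(log_text: str) -> list:
    """Run check_line over a whole log and collect the findings in file order."""
    return [f for f in (check_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line.strip()}")
```

Run against the constructed sample it reports seven lines: the two unnamed/orphaned BHOs, the rundll32 and user-profile autoruns, the yazzle.net DPF download, and the piofnt and winisd32 Winlogon Notify entries, while the Adobe BHO, the AVG autorun, the Adobe Flash DPF and WgaLogon pass. Feeding it a full log produces the same worklist the helper built by hand; the point of the allowlists is that anything not on them gets a human look, never an automatic fix.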
  • Many thanks in advance for the help. I've been busy with it for a while :) I did not find the program SpywareStormer in the Software list (Add/Remove Programs).

    ComboFix result:

    "freya" - 2007-07-02 20:01:00 - ComboFix 07-06-27.7 - Service Pack 2 NTFS

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
    C:\WINDOWS\system32\nnnopqn.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    C:\Program Files\cowabanga
    C:\Program Files\cowabanga\License.txt
    C:\Program Files\instant access
    C:\Program Files\instant access\Center\neosexvideo.upd
    C:\Program Files\instant access\Center\tray1.ico
    C:\WINDOWS\regedit.com

    ((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))
    2007-07-02 19:23 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-30 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-16 16:13 62,516 --a------ C:\WINDOWS\system32\jmbwtktr.dll
    2007-06-16 16:13 124,436 --a------ C:\WINDOWS\system32\yqfrgvhl.dll
    2007-06-10 16:22 58,420 --a------ C:\WINDOWS\system32\lmerxwoh.dll
    2007-06-10 16:22 2,580 --a------ C:\WINDOWS\system32\jfyflkxn.exe
    2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-06-30 14:34:41 -------- d-----w C:\Program Files\Google
    2007-06-30 14:31:03 -------- d-----w C:\Program Files\VSToolbar
    2007-06-30 13:50:35 -------- d-----w C:\Program Files\Lavasoft
    2007-06-30 13:48:44 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-30 13:35:18 -------- d-----w C:\Program Files\E-risk Calculator
    2007-05-17 08:28:12 54,866 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-17 08:28:12 367,854 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-17 08:26:59 49,204 ----a-w C:\WINDOWS\system32\begsxlmw.dll
    2007-05-17 08:26:50 131,604 ----a-w C:\WINDOWS\system32\osrmgnjj.dll
    2007-05-16 15:19:43 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:52 144,896 ------w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2006-11-11 10:19:39 712,724 --sh--w C:\WINDOWS\AppPatch\piofnt.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [2005-12-09 17:22]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
    {7DB97675-2E07-468A-88B3-C5F381CC5896}=C:\WINDOWS\AppPatch\piofnt.dll [2006-11-11 12:19]
    {918F8FC9-3671-4DFE-B780-CECE0FF92C22}=C:\WINDOWS\system32\osrmgnjj.dll [2007-05-17 10:26]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 18:42]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [2006-01-06 17:47]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll [2006-01-17 17:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-03 01:00 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00]
    "SoundMan"="SOUNDMAN.EXE" [2002-11-19 01:00 C:\WINDOWS\SOUNDMAN.EXE]
    "602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe" [2005-08-31 16:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-06 16:46]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-09-20 04:34]
    "RegistryMechanic"="" []
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]
    "Server Application for MFP Server"="C:\Program Files\MFP Server Utilities\ServoAp.exe" [2006-04-17 12:02]
    "MFP Server Agent"="C:\Program Files\MFP Server Utilities\MFPAgent.exe" [2006-06-15 14:48]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-01 14:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 20:04]
    "2fa714cb.exe"="C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\piofnt]
    C:\WINDOWS\AppPatch\piofnt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winisd32]
    winisd32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
    rundll32.exe p2esocks_1026.dll,InstantAccess

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SO5 Integrator Pass Two]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Soap Pro]

    Contents of the 'Scheduled Tasks' folder
    2006-09-28 01:00:00 C:\WINDOWS\tasks\RegCure.job

    **************************************************************************
    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-02 20:08:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************

    Completion time: 2007-07-02 20:10:58 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-02 20:10
    --- E O F ---

    I was able to run the BFU program, but I can't find C:/egd.txt :( The fix with HJT succeeded, and I was also able to delete the files you indicated.

    So here is a new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:53:21, on 2/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\locator.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\soft602\pdfSaver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\MFP Server Utilities\ServoAp.exe
    C:\Program Files\MFP Server Utilities\MFPAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Wireless LAN Utility\SISCFG.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/axload.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
  • OK, that doesn't matter. Do the steps below.

    1) Open Notepad, copy and paste the following text into an empty window:

    File::
    C:\WINDOWS\system32\yqfrgvhl.dll
    C:\WINDOWS\system32\jmbwtktr.dll
    C:\WINDOWS\system32\lmerxwoh.dll
    C:\WINDOWS\system32\jfyflkxn.exe
    C:\WINDOWS\system32\begsxlmw.dll
    C:\WINDOWS\system32\osrmgnjj.dll

    REGISTRY::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{918F8FC9-3671-4DFE-B780-CECE0FF92C22}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\piofnt]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winisd32]

    Save this on your Desktop as ComboFix-Do.txt.
    Drag ComboFix-Do.txt onto ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif
    This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply.

    2) Download: RemoveVideoActiveXObject.exe (http://home.hetnet.nl/~stefsmeenk/RemoveVideoActiveXObject.exe)
    Save the file to your desktop, then double-click it. The uninstaller of a rogue scanner may start; do not close it, but let it do its work. Then restart the PC and double-click RemoveVideoActiveXObject.exe once more. Then post the log C:\RVAXO-results.log in your next message together with a new HijackThis log.
    Download the file and save it to your desktop, then double-click it. If an uninstaller becomes active, let it do its work. Restart the PC and then double-click RemoveVideoActiveXObject.exe once more. Then post a HijackThis log.

    3) Install hijackthis.exe in, for example, C:\Program Files\Hijackthis. This is because of the backups this program makes.
    Start Hijackthis and choose 'Do a system scan only'
    Select only the items listed below:
    O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe
    O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/axload.cab
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options...
    Under View, check the following settings:
    Uncheck: Hide protected operating system files (recommended)
    Uncheck: Hide extensions for known file types
    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders
    Delete the following files:
    C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe

    Restart and please post the logs of:
    Combo do
    C:\RVAXO-results.log
    A new HJT log
  • Thanks for the quick reply! The only file I could not find, and therefore could not delete, was: C:/Documents and Settings/freya/Local Settings/application Data/2fa714cb.exe. For the rest:

combofix log:

"freya" - 2007-07-02 21:44:28 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\freya\Bureaublad\ComboFix-Do.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\begsxlmw.dll
C:\WINDOWS\system32\jfyflkxn.exe
C:\WINDOWS\system32\jmbwtktr.dll
C:\WINDOWS\system32\lmerxwoh.dll
C:\WINDOWS\system32\yqfrgvhl.dll

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

2007-07-02 20:14 <DIR> d-------- C:\BFU
2007-07-02 19:23 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 14:34:41 -------- d-----w C:\Program Files\Google
2007-06-30 14:31:03 -------- d-----w C:\Program Files\VSToolbar
2007-06-30 13:50:35 -------- d-----w C:\Program Files\Lavasoft
2007-06-30 13:48:44 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-30 13:35:18 -------- d-----w C:\Program Files\E-risk Calculator
2007-05-17 08:28:12 54,866 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-05-17 08:28:12 367,854 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-05-16 15:19:43 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:52 144,896 ------w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [2005-12-09 17:22]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 18:42]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [2006-01-06 17:47]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll [2006-01-17 17:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-03 01:00 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 01:00 C:\WINDOWS\SOUNDMAN.EXE]
"602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe" [2005-08-31 16:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-06 16:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-09-20 04:34]
"RegistryMechanic"="" []
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]
"Server Application for MFP Server"="C:\Program Files\MFP Server Utilities\ServoAp.exe" [2006-04-17 12:02]
"MFP Server Agent"="C:\Program Files\MFP Server Utilities\MFPAgent.exe" [2006-06-15 14:48]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-01 14:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 20:04]
"2fa714cb.exe"="C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
rundll32.exe p2esocks_1026.dll,InstantAccess

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
"c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SO5 Integrator Pass Two]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Soap Pro]

Contents of the 'Scheduled Tasks' folder
2006-09-28 01:00:00 C:\WINDOWS\tasks\RegCure.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 21:52:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 21:55:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 21:54
C:\ComboFix2.txt ... 2007-07-02 20:10

--- E O F ---

Contents of C:/RVAXO-results.log:

----------------RemoveVideoActiveXObject.exe first run-------------
Files found:

Uninstallers Rogue scanners:

Folders Found:

And finally a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 22:12:12, on 2/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\locator.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MFP Server Utilities\ServoAp.exe
C:\Program Files\MFP Server Utilities\MFPAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless LAN Utility\SISCFG.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
  • Your Java software is out of date. Older versions have holes that give malware the chance to install itself on your system. First do these steps to uninstall Java and install the newer version:

- Download Java Runtime Environment (JRE) 6.1: http://java.sun.com/javase/downloads/index.jsp
- Scroll down to: "Java Runtime Environment (JRE) 6u1".
- Click the "Download" button on the right.
- Tick: "Accept License Agreement".
- The page will reload.
- Click the link to download the Windows Offline Installation, Multi-language, and save it to your Desktop.
- Close all programs that may be open, certainly your web browser!
- Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
- Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
- Then click Remove or the Change/Remove button.
- Repeat this until all older versions are gone.
- After removing all older versions, restart your PC.
- Then double-click jre-6u1-windows-i586-p.exe on your Desktop to install the newest version of Java.

1. Download ATF Cleaner (made by Atribune): http://www.atribune.org/ccount/click.php?id=1
Double-click ATF Cleaner to start the program. On the "Main" tab, put a tick next to Select All. Click the Empty Selected button.
Do the following if you also have Firefox as a browser: click the "Firefox" tab and put a tick next to Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick at "Firefox saved passwords" again). Click the Empty Selected button.
Do the following if you also have Opera as a browser: click the "Opera" tab and put a tick next to Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

2. Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

3. Start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm).

4. Double-click drweb-cureit.exe and allow it to start the express scan. This will scan the files currently loaded in memory, and when something is found, click the "Yes to all" button at the question 'cure it?'. This is only a short scan.
Once the short scan has finished, click Options > Change Settings. Choose the "Scan" tab and remove the tick at "Heuristic analyse". Back in the main window you can select the drives you want to scan. Select all drives here. A red dot will then appear on the drives you are scanning. Then click the green arrow on the right to start the scan. Click 'Yes to all' when asked to cure or move.
When the scan is done, check whether you can click the following icon next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon just below it and choose Move incurable, as shown in the following image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected (in case we need samples).
After selecting the above, in the menu at the top of Dr.Web CureIt, click File and choose Save report list. Save the log on your desktop. Then close Dr.Web CureIt.

5. Restart your computer in normal mode!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post, together with a HijackThis log.
  • Hello, the last step did not work :( :( About halfway through the (second) scan the PC (a laptop) keeps shutting down. So I do have the new version of Java, and ATF Cleaner also worked. Unfortunately I can therefore only post a new HJT log. Would you mind looking at it once more? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 16:19:38, on 3/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MFP Server Utilities\ServoAp.exe
C:\Program Files\MFP Server Utilities\MFPAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Wireless LAN Utility\SISCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
  • Download and install AVG Anti-Spyware 7.5: http://www.ewido.net/en/download/

- Scroll down a little, click "download now" and save the program.
- Click "run" twice and select a language.
- Go through a few windows and click "install".
- If it does not happen automatically, click "updates".
- Select "Scanner" at the top of the screen and then select "Settings".
- Once in the Settings section, click "Recommended actions" and then "Quarantine".
- Close Ewido. Do not let it scan yet.

Now start your computer in SAFE mode: http://users.telenet.be/marcvn/spyware/1378056.htm

Start AVG Anti-Spyware (there is an icon on your desktop):
- click Scanner
- Click Complete System Scan
- Let the program scan your PC; this can take a while.
- If infected files are found, click "Apply all actions". After that you will see a Save report button.
- Click Save Report.
- Then click Save Report as and save the report on your desktop.
- Close AVG Anti-Spyware and restart the computer in normal mode.

Post the log together with a new HijackThis log.
  • Hi, this time everything went without problems :D Here is the report of the AVG Anti-Spyware scan:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:32:47 3/07/2007

+ Scan result:

C:\System Volume Information\_restore{2DB81701-537E-4F3C-AD95-BC1F53AABD06}\RP837\A0467977.dll -> Adware.BHO : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_2711 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_2941 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_1098 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_1346 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_2559 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3\Seqn_1969 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3\Seqn_2578 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2869 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2873 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2899 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2918 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3678 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_2961 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_2711 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_2941 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_1098 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_1346 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_2559 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_1969 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_2578 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2869 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2873 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2899 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2918 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3678 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_2711 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_2941 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_1098 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_1346 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_2559 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_1969 -> Adware.Cydoor : Cleaned with backup (quarantined). 
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_2578 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2869 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2873 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2899 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2918 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3678 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined). 
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_3683 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_1971 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_4453 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_1083 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_1333 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_2254 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_2282 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_2731 -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_3141 -> Adware.Cydoor : Cleaned with backup (quarantined). 
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Adware.Cydoor : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\INSTAFINK -> Adware.InstaFinder : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\INSTAFINK\Reports -> Adware.InstaFinder : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\INSTAFINK\Reports\38511 -> Adware.InstaFinder : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\INSTAFINK\Reports\38517 -> Adware.InstaFinder : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\INSTAFINK\Reports\38518 -> Adware.InstaFinder : Cleaned with backup (quarantined). HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\INSTAFINK\Stat -> Adware.InstaFinder : Cleaned with backup (quarantined). C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined). C:\System Volume Information\_restore{2DB81701-537E-4F3C-AD95-BC1F53AABD06}\RP836\A0464687.dll -> Adware.Searchcolor : Cleaned with backup (quarantined). C:\WINDOWS\system32\hxettshc.exe -> Adware.Searchcolor : Cleaned with backup (quarantined). C:\WINDOWS\system32\piibxsxu.exe -> Adware.Searchcolor : Cleaned with backup (quarantined). C:\WINDOWS\system32\tncaafqx.exe -> Adware.Searchcolor : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2 -> Dialer.Generic : Cleaned with backup (quarantined). 
HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2.1 -> Dialer.Generic : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2\CLSID -> Dialer.Generic : Cleaned with backup (quarantined). C:\System Volume Information\_restore{2DB81701-537E-4F3C-AD95-BC1F53AABD06}\RP837\A0467877.dll -> Logger.VBStat.e : Cleaned with backup (quarantined). C:\WINDOWS\system32\qnbdthxu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined). C:\Documents and Settings\freya\Cookies\freya@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\freya\Cookies\freya@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\freya\Cookies\freya@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\freya\Cookies\freya@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned. C:\Documents and Settings\freya\Cookies\freya@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned. C:\QooBox\Quarantine\catchme2007-07-02_215229.63.zip/jfyflkxn.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined). 
::Report end
And here is a new HJT log:
Logfile of HijackThis v1.99.1 Scan saved at 21:44:11, on 3/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\soft602\pdfSaver.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\MFP Server Utilities\ServoAp.exe C:\Program Files\MFP Server Utilities\MFPAgent.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Wireless LAN Utility\SiWake.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Wireless LAN Utility\SISCFG.exe C:\Documents and Settings\freya\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ O2 - BHO: AcroIEHlprObj Class - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe" O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: 
[SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave 
Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
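The scan report above is the raw scanner output. As an added example (not code from the thread or from AVG), here is a small parser for that report format that groups the detections by family, separates registry entries from files, and lists the items that live inside a System Restore point, which is the reason a later reply recommends purging the restore points. The sample input is a hand-assembled subset of the entries quoted above; the regular expression and the hive-prefix list are assumptions read off the visible format.

```python
import re
from collections import Counter

# Sample input: a subset of the entries from the AVG Anti-Spyware report quoted
# in the thread, assembled here by hand so the example runs offline.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:32:47 3/07/2007
+ Scan result:
C:\System Volume Information\_restore{2DB81701-537E-4F3C-AD95-BC1F53AABD06}\RP837\A0467977.dll -> Adware.BHO : Cleaned with backup (quarantined).
HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hxettshc.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2DB81701-537E-4F3C-AD95-BC1F53AABD06}\RP836\A0464687.dll -> Adware.Searchcolor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2 -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\freya\Cookies\freya@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\QooBox\Quarantine\catchme2007-07-02_215229.63.zip/jfyflkxn.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
::Report end
"""

# One result line reads "<object> -> <detection name> : <action>." (assumed from the
# report as printed above).
ENTRY_RE = re.compile(r"^(?P<object>.+?) -> (?P<family>[^:]+?) : (?P<action>.+?)\.?$")
# Registry hive prefixes as the scanner prints them (assumed list).
HIVES = {"HKLM", "HKCU", "HKU", "HKCR", "HKCC"}
# Files inside a System Restore point carry this path fragment.
RESTORE_MARKER = "system volume information\\_restore"


def parse_report(text):
    """Parse the '+ Scan result:' section into one dict per detection."""
    entries = []
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("+ Scan result:"):
            in_results = True
            continue
        if line.startswith("::Report end"):
            break
        if not in_results or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header noise or a line the copy/paste mangled
        obj = m.group("object")
        action = m.group("action").strip()
        entries.append({
            "object": obj,
            "family": m.group("family").strip(),
            "action": action,
            "kind": "registry" if obj.split("\\", 1)[0].upper() in HIVES else "file",
            "in_restore_point": RESTORE_MARKER in obj.lower(),
            "quarantined": "quarantined" in action.lower(),
        })
    return entries


def summarize(entries):
    """Aggregate the parsed entries the way a helper reading the log would."""
    return {
        "total": len(entries),
        # "Adware.Cydoor" -> "Adware": count per top-level category
        "by_category": Counter(e["family"].split(".")[0] for e in entries),
        "registry": sum(1 for e in entries if e["kind"] == "registry"),
        # copies inside restore points come back if the point is ever restored
        "restore_point_items": [e["object"] for e in entries if e["in_restore_point"]],
        # removed without a quarantine backup (cookies, typically)
        "not_quarantined": [e["object"] for e in entries if not e["quarantined"]],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Running it on the sample shows the two restore-point copies as their own list, which is the practical check: a "cleaned" report still leaves those points in place until System Restore is cycled.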
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
Click 'Fix checked' to remove the items. Reboot and tell us how it goes now.
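The reply above picks three O16 lines out of a long HijackThis log by eye. As an added example (not from the thread, and not part of HijackThis), the script below does the same first pass over HJT lines: it flags O16 ActiveX downloads whose host is not on an allowlist you maintain yourself, O4 autostart entries whose binary sits in a per-user writable folder, and O23 services whose binary is missing. The allowlist is a constructed assumption for the example; the sample lines are taken from the logs posted in this thread, and the regular expressions are read off that visible format. A hit is a prompt to look closer, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\ellen_thijs\Local Settings\Application Data\2fa714cb.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Hosts this reviewer treats as known-good for ActiveX (.cab) downloads.
# Constructed allowlist; maintain your own.
TRUSTED_HOSTS = {"messenger.msn.com", "fpdownload.adobe.com", "a840.g.akamai.net"}

# Per-user, writable locations on Windows XP (the OS in the thread) from which an
# autostart entry deserves a second look. Heuristic, not a verdict.
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\", "\\temp\\")

O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*?)\))? - (?P<url>\S+)$")
# Two O4 shapes: "[Name] command" for Run keys, "file.lnk = path" for Startup folders.
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.*?) = )(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# Pull the executable out of a command line that may be quoted and carry arguments.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)


def triage(log_text, trusted_hosts):
    """Return a list of findings (section, reason, line) for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O16_RE.match(line):
            host = (urlparse(m.group("url")).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append({"section": "O16",
                                 "reason": f"ActiveX download from unlisted host {host}",
                                 "line": line})
        elif m := O4_RE.match(line):
            exe = EXE_RE.match(m.group("cmd"))
            path = (exe.group("exe") if exe else m.group("cmd")).lower()
            if any(marker in path for marker in USER_WRITABLE):
                findings.append({"section": "O4",
                                 "reason": "autostart binary in a per-user writable folder",
                                 "line": line})
        elif m := O23_RE.match(line):
            if m.group("path").endswith("(file missing)"):
                findings.append({"section": "O23",
                                 "reason": "service points at a missing binary (orphaned entry)",
                                 "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, TRUSTED_HOSTS):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

On the sample it reports exactly the three downloadv3 O16 lines the reply singles out, plus one O4 entry running from Local Settings\Application Data and the orphaned Norman service, both of which are the kind of line a helper would ask about before deciding anything.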
  • Hello, I haven't had any more alerts and everything runs fine. Except for rebooting, which takes a very long time. Shutting the PC down in particular takes quite a while. I also had a few more questions. Which of the programs I used may I throw off the PC again? And I manage the computer (but I'm not administrator); are the problems then also solved for the other users of the PC? Many thanks in advance for all the help!
  • To be completely sure of that I would need to see an HJT log "from every user account".

Tired of looking at the blue bar during startup? Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters and edit the value "EnablePrefetcher" there. Enter value 2 to speed up startup. Enter value 3 to also make programs faster. Value 0 of course switches it off, and value 1 only speeds up the starting of programs. I don't recommend this change if you have a computer with less than a 1 GHz processor or less than 512 MB RAM.

Make opening the Start menu faster! Go to HKEY_CURRENT_USER\Control Panel\Desktop and edit the value of "MenuShowDelay" (string value) there. Enter a value between 0 and 400. The value 0 is not really practical; a value between 100 and 200 works better, and you can even experiment with it.

Make Windows shut down faster! Normally, when shutting down, Windows waits until all processes have stopped before it actually shuts down; you can change this easily. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control, value WaitToKillServiceTimeout, and enter a lower value there, e.g. 2000. Now go to HKEY_CURRENT_USER\Control Panel\Desktop and change the string value WaitToKillAppTimeout there to 4000.

Have fewer services running when your computer starts. Go to Start, Run and type services.msc in the window; an overview of all enabled services now appears. Click an enabled service, go to its properties and then go to the General tab. Here you can choose the option under startup type, e.g. start automatically, manual, or disable a service altogether. So choose to disable the service altogether, but only disable services such as Fax or Smart Card if you don't use them.
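The registry tweaks above are easy to get subtly wrong: EnablePrefetcher is a REG_DWORD, while MenuShowDelay, WaitToKillAppTimeout and WaitToKillServiceTimeout are REG_SZ strings that happen to hold numbers, and a value written with the wrong type is silently ignored. As an added example (not from the thread), the script below parses a .reg export of those keys and checks each value against the type Windows expects and an allowed range. The ranges for EnablePrefetcher (0..3) and MenuShowDelay (0..400) are the ones the reply gives; the 1000 ms floor on the two timeouts is this example's own assumption. The .reg content is constructed for illustration.

```python
import re

# Constructed .reg export carrying only the values the reply above changes.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000003

[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"="150"
"WaitToKillAppTimeout"="4000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="2000"
"""

PREFETCH_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters"
DESKTOP_KEY = r"HKEY_CURRENT_USER\Control Panel\Desktop"
CONTROL_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"

# (key, value name, type Windows reads it as, lowest allowed, highest allowed).
# EnablePrefetcher and MenuShowDelay ranges follow the reply; the timeout bounds
# (1000 ms floor, 20000 ms default ceiling) are this example's assumption.
EXPECTED = [
    (PREFETCH_KEY, "EnablePrefetcher", "REG_DWORD", 0, 3),
    (DESKTOP_KEY, "MenuShowDelay", "REG_SZ", 0, 400),
    (DESKTOP_KEY, "WaitToKillAppTimeout", "REG_SZ", 1000, 20000),
    (CONTROL_KEY, "WaitToKillServiceTimeout", "REG_SZ", 1000, 20000),
]

REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Handles the two value shapes used here: "Name"=dword:XXXXXXXX and "Name"="text".
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dword>[0-9a-fA-F]{8})|"(?P<sz>.*)")$')


def parse_reg(text):
    """Map (key path, value name) -> (registry type, value) for a .reg export."""
    values = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := REG_KEY_RE.match(line):
            key = m.group("key")
            continue
        if key is None or not (m := REG_VAL_RE.match(line)):
            continue  # header, blank line, or a value type this example does not handle
        if m.group("dword") is not None:
            values[(key, m.group("name"))] = ("REG_DWORD", int(m.group("dword"), 16))
        else:
            values[(key, m.group("name"))] = ("REG_SZ", m.group("sz"))
    return values


def check_tweaks(values):
    """Return human-readable problems; an empty list means every present tweak looks sane."""
    problems = []
    for key, name, kind, lo, hi in EXPECTED:
        entry = values.get((key, name))
        if entry is None:
            continue  # not in this export, nothing to check
        actual_kind, raw = entry
        if actual_kind != kind:
            problems.append(f"{name}: stored as {actual_kind}, Windows reads it as {kind}")
            continue
        try:
            n = int(raw)
        except ValueError:
            problems.append(f"{name}: value {raw!r} is not an integer")
            continue
        if not lo <= n <= hi:
            problems.append(f"{name}: {n} outside {lo}..{hi}")
    return problems


if __name__ == "__main__":
    report = check_tweaks(parse_reg(SAMPLE_REG))
    print("\n".join(report) if report else "all tweaks within expected type and range")
```

The floor on WaitToKillServiceTimeout is there on purpose: the shorter that timeout gets, the more likely a service, the antivirus guard or the backup scheduler in this log included, is terminated before it finishes writing its state.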
  • Hello, sorry for answering only now, but we had internet problems after a power outage. I haven't taken the steps to make the PC shut down and start up faster yet. I also can't make an HJT log on every user account, because I don't have all the passwords and they are away travelling. But I do have the HJT log from 1 account. Would you check that one again? Thanks a lot!
Logfile of HijackThis v1.99.1 Scan saved at 13:56:22, on 8/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\locator.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\soft602\pdfSaver.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\MFP Server Utilities\ServoAp.exe C:\Program Files\MFP Server Utilities\MFPAgent.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program 
Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Wireless LAN Utility\SiWake.exe C:\Program Files\Wireless LAN Utility\SISCFG.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\PROGRA~1\Grisoft\AVG7\avgw.exe C:\Documents and Settings\ellen_thijs\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" 
-atboottime O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe" O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\ellen_thijs\Local Settings\Application Data\2fa714cb.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - 
Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
  • Nothing wrong with it, I think.
  • Hello, I think all the problems with the PC are solved. I want to thank you very much once more. I think it's fantastic that people sacrifice their free time to help other people with computer problems. And the patience you have, really great! Thanks a lot!!
  • To prevent reinfection via System Restore, it is advisable to remove the existing restore points by temporarily disabling System Restore.
- Go to Start / All Programs / Accessories / System Tools / System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go again to Start / All Programs / Accessories / System Tools / System Restore.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Untick "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.
Here are some more tips: http://www.jawwi.nl/tips/beveiligen.html
Thanks for your kind words.

This is an archived page. Replying is no longer possible.