HijackThis log

12 replies
  • Please check the log below.
  • 1. * Clean the cache and cookies in IE:
         * Close Internet Explorer.
         * Go to Control Panel > Internet Options > General tab.
         * Click the Delete Cookies button.
         * Click the Delete Files button next to it.
         * Tick: Delete all offline content, then click OK.
       * Clean the cache and cookies in Firefox (if Firefox is installed):
         * Go to Tools > Options.
         * Click Privacy in the menu.
         * Click the Clear button (History, Cookies, Cache).
         * Click OK to close the window again.
       * Clean other temporary files + Recycle Bin:
         * Go to Start > Run, type: cleanmgr and click OK.
         * Let it scan your system for files that need to be removed.
         * Make sure that only 'Temporary files', 'Temporary Internet Files' and 'Recycle Bin' are ticked there.
         * Then click OK.

    2. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
       Double-click combofix.exe.
       Follow the instructions and accept the disclaimer by typing y or Y.
       While the fix is running, do NOT click in the window, because this will make your PC hang.
       When the fix is finished and after the restart, the log combofix.txt will open. Save this log.
       NOTE: If your virus scanner responds with a message about a script being executed, you may ignore it.

    3. Download Dr.Web Cureit (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to your desktop.
       * Double-click drweb-cureit.exe and allow it to start the express scan. This will scan the files that are currently loaded in memory; when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
       * Once the short scan has finished, you can select the drives you want to have scanned. Select all drives here. A red dot will then appear on the drives you are having scanned.
       * Then click the green arrow on the right to start the scan.
       * Click 'Yes to all' when you are asked to perform cure or move.
       * After the scan is done, click File in the menu at the top and choose Save report List. Save it to your desktop.
       * Then close Dr.Web Cureit.
       * Restart your computer!! This is an important step, because Dr.Web Cureit may move/delete files during the restart.

    Now post the Combofix log, the Dr.Web log and a fresh HijackThis log in your next message.

    Good luck!
    Pim
  • Here are the logs from the various programs.
'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187289382233 O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: 
SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 12065 bytes
    Thanks in advance.
  • Hi Gerben3,

    1. Go to Start --> Control Panel --> Add or Remove Programs and uninstall the following program, if present:

        Need2Find

    2. Start HijackThis, choose 'Do a system scan only' and tick the lines below:

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/nl.htm
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL (file missing)
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
        O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer.exe /quiet
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm

    There is a restriction in Internet Explorer that prevents you from changing all settings. It may have been set by Spybot S&D. If you did not set this restriction yourself, you may fix the following line:

        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Now close all open windows except HijackThis and click Fix Checked.

    3. Open Notepad, then copy and paste the following (the indented text) into an empty window:

        File::
        C:\WINDOWS\system32\afbbhhji.dll
        C:\WINDOWS\system32\ffgfhjfj.dll
        C:\WINDOWS\system32\jhihcjcf.dll
        C:\WINDOWS\Snelkiezer.exe
        Folder::
        C:\Program Files\Need2Find
        C:\Program Files\INSTAFINK

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

        http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck! Pim.
  • Here are the new logs: ComboFix 07-08-14.4 - "Marc van Eck" 2007-08-17 14:39:26.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.605 [GMT 2:00] Command switches used :: C:\Documents and Settings\Marc van Eck\Bureaublad\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\afbbhhji.dll C:\WINDOWS\system32\ffgfhjfj.dll C:\WINDOWS\system32\jhihcjcf.dll C:\WINDOWS\Snelkiezer.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Need2Find C:\Program Files\Need2Find\bar\4.bin\N2FFXTBR.JAR C:\Program Files\Need2Find\bar\4.bin\N2NTSTBR.JAR C:\Program Files\Need2Find\bar\4.bin\NPND2FN.DLL C:\Program Files\Need2Find\bar\4.bin\PARTNER.DAT C:\Program Files\Need2Find\bar\Cache\000475CC C:\Program Files\Need2Find\bar\Cache\012CC87C C:\Program Files\Need2Find\bar\Cache\files.ini C:\Program Files\Need2Find\bar\History\search C:\Program Files\Need2Find\bar\Settings\prevcfg.htm C:\WINDOWS\Snelkiezer.exe ((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 ))))))))))))))))))))))))))))))) 2007-08-16 22:29 <DIR> d-------- C:\DOCUME~1\MARCVA~1\DoctorWeb 2007-08-16 22:09 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-16 21:35 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-08-16 21:31 <DIR> d-------- C:\WINDOWS\system32\nl-nl 2007-08-16 21:24 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll 2007-08-16 21:24 <DIR> d-------- C:\WINDOWS\network diagnostic 2007-08-16 20:20 <DIR> d-------- C:\hijackthis 2007-08-16 19:03 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy 2007-08-16 19:03 <DIR> d-------- C:\Program Files\Hitman Pro 2007-08-16 19:01 1,156 --a------ C:\WINDOWS\mozver.dat (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-17 10:44 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-08-17 10:24 --------- d-------- C:\Program Files\Symantec 
2007-08-16 19:43 --------- d-------- C:\Program Files\Spyware Doctor 2007-06-27 10:41 --------- d-------- C:\DOCUME~1\MARCVA~1\APPLIC~1\Talkback 2007-06-27 00:19 --------- d-------- C:\DOCUME~1\MARCVA~1\APPLIC~1\PC Tools 2007-06-27 00:15 --------- d-------- C:\Program Files\Picasa2 2007-06-27 00:06 --------- d-------- C:\Program Files\Google 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 15:33 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-15 10:14 474624 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-06-15 10:14 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll 2007-06-15 10:14 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-06-15 10:14 1057280 --------- C:\WINDOWS\system32\dllcache\danim.dll 2007-06-15 10:14 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll 2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe 2007-06-13 15:24 1036800 --------- C:\WINDOWS\system32\dllcache\explorer.exe 2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll 2007-05-17 13:30 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-02 15:37] "STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [2003-12-17 17:50] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-27 18:43] "SynTPEnh"="C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-27 18:43] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23] "SoundMan"="SOUNDMAN.EXE" [2003-03-27 17:34 C:\WINDOWS\SOUNDMAN.EXE] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-31 15:11] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-01-30 10:59] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 12:28] "HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 06:53] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:47] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-25 12:38] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-07 12:04] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 15:00 C:\WINDOWS\system32\bthprops.cpl] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-02 22:56] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 00:06] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18] Google Updater.lnk - C:\Program Files\Google\Google 
Updater\GoogleUpdater.exe [2007-06-27 00:06:21] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 22:31:38] hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58] Microsoft Office.lnk - C:\Program Files\microsoft office\office10\OSA.EXE [2001-02-13 11:01:04] Snelstart HP Image Zone.lnk - C:\Program Files\HP\digital imaging\bin\hpqthb08.exe [2004-05-28 23:06:36] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\drivers\STDSB.sys R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys S2 STDSB;STDSB;C:\WINDOWS\system32\DRIVERS\STDSB.sys S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys S3 o1394bul;o1394bul;\??\C:\DOCUME~1\MARCVA~1\LOCALS~1\Temp\o1394bul.sys Contents of the 'Scheduled Tasks' folder 2005-06-25 14:05:10 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job - C:\WINDOWS\system32\OOBE\oobebaln.exe 2005-07-02 17:20:11 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job 2007-08-17 09:56:00 C:\WINDOWS\Tasks\HP Usg Daily FY04.job - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe 2007-06-22 20:57:48 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe 2007-08-17 13:21:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-17 15:00:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-17 15:22:59 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-17 15:22 C:\ComboFix2.txt ... 2007-08-16 22:25 --- E O F --- Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:24:35, on 17-8-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\drivers\STDSB.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Sitecom\Bluetooth 
Software\BTTray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Messenger\msmsgs.exe C:\hijackthis\HiJackThis_v2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - 
HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - 
HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network 
Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187289382233 O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton 
Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 10794 bytes
  • That looks good again! :D How are your problems now?
  • No more problems. I just can't remove the old Norton software yet. It may have to do with the firewall. I can't get the FTP site to open. I'll try again at home tonight. Otherwise the PC is running like a charm again. Many thanks. :wink:
  • I don't really understand what your problem is: "I just can't remove the old Norton software yet. It may have to do with the firewall" :-?
  • Removal also has to be done with a small tool. Try this one. Remove Norton using this tool: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/172d11361b05da508525695b005ca287/9163ea0b7308d62d80256fe000519e78?OpenDocument
  • It has already worked. The PC still had old Norton software on it whose licence had expired. At home I was able to download the tool to remove the software. Many thanks, everyone. Problems solved.
  • Ahh, that's what you mean :) Glad the problem is solved, and you're welcome!
  • Which tool did you end up using for it?


This is an archived page. Replies are no longer possible.