Question & Answer

Security & privacy

HiJack log.. Problems with popups.

10 answers
  • Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:52:31, on 19-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    c:\wamp\apache\Apache.exe
    c:\wamp\mysql\bin\mysqld-nt.exe
    c:\wamp\apache\Apache.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\service.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Documents and Settings\Daan\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [dash bend meta balm] C:\Documents and Settings\All Users\Application Data\Atom Idle Dash Bend\1 tick.exe
    O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKCU\..\Run: [coalford] C:\DOCUME~1\Daan\APPLIC~1\1find\TitleMapi16.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?080f636d18cc4a00a631dbdffcc1ea29
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?080f636d18cc4a00a631dbdffcc1ea29
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106731788697
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

    --
    End of file - 8869 bytes

    Would someone please take a look at it?
  • Sure.
  • First disable Ad-Watch, otherwise all registry changes will be reverted.
    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O4 - HKLM\..\Run: [dash bend meta balm] C:\Documents and Settings\All Users\Application Data\Atom Idle Dash Bend\1 tick.exe
    O4 - HKCU\..\Run: [coalford] C:\DOCUME~1\Daan\APPLIC~1\1find\TitleMapi16.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options... Under the View tab, check the following settings:
    Turn off: Hide protected operating system files (recommended)
    Turn off: Hide extensions for known file types
    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following directories:
    C:\Documents and Settings\All Users\Application Data\Atom Idle Dash Bend\
    C:\DOCUME~1\Daan\APPLIC~1\1find\

    Download this file: Deljob.exe (http://home.hetnet.nl/~stefsmeenk/tools/deljob.exe) and place it on your desktop. If your virus scanner blocks the download of deljob.exe, temporarily disable your virus scanner or download the zip version, deljob.zip (http://members.lycos.nl/deljob/deljob.zip), and extract it to your desktop.
    Double-click Deljob.exe. A small log (logit.txt) will open; you can also find the file on your desktop. Post the contents of logit.txt in your next message.

    Please also post a new log made with this version: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
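The triage the helper performs by hand in the post above (an orphaned BHO registration, autostart entries that run out of a profile's Application Data folder, sites added to the IE Trusted Zone, ActiveX downloads from unfamiliar hosts) can be turned into a repeatable check. The following Python script is an added example, not code from this thread, from HijackThis or from Trend Micro: it parses HijackThis entry lines into sections and flags the ones matching those heuristics. The sample lines are copied from the log posted in this thread; the `KNOWN_DPF_HOSTS` allowlist and the path heuristic are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [dash bend meta balm] C:\Documents and Settings\All Users\Application Data\Atom Idle Dash Bend\1 tick.exe
O4 - HKCU\..\Run: [coalford] C:\DOCUME~1\Daan\APPLIC~1\1find\TitleMapi16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
""".strip()

# Every HijackThis entry starts with a section code such as R0, O2, O16.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

# Assumption for this example: hosts an ActiveX (O16) download is expected from on a home PC.
KNOWN_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "msn.com")


@dataclass
class Entry:
    section: str
    body: str
    findings: list = field(default_factory=list)


def parse_log(text):
    """Split a HijackThis log into entries; header and process lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def runs_from_profile(command):
    """True when an autostart command points into a user or All Users profile data directory."""
    c = command.lower()
    return "application data" in c or "applic~1" in c


def triage(entries):
    """Attach a reason to every entry that deserves a human look and return those entries."""
    flagged = []
    for e in entries:
        if e.section == "O2" and e.body.endswith("(no file)"):
            e.findings.append("BHO registered but its DLL is missing (orphaned entry)")
        elif e.section == "O4":
            m = O4_RE.match(e.body)
            if m and runs_from_profile(m.group("command")):
                e.findings.append("autostart from a profile data directory, not Program Files or Windows")
        elif e.section == "O15":
            e.findings.append("site added to the IE Trusted Zone; lowers security settings for that site")
        elif e.section == "O16":
            m = HOST_RE.search(e.body)
            host = m.group(1).lower() if m else ""
            if not host.endswith(KNOWN_DPF_HOSTS):
                e.findings.append(f"ActiveX download from unexpected host {host or '?'}")
        if e.findings:
            flagged.append(e)
    return flagged


def report(text):
    """Return (section, reason, body) for each flagged entry of a whole log."""
    return [(e.section, e.findings[0], e.body) for e in triage(parse_log(text))]


if __name__ == "__main__":
    for section, reason, body in report(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Running the script prints five flagged lines for the sample; `report()` returns them for use from other code. Heuristics like these only prioritise entries for a person to review: the Mirar BHO and toolbar, which load a DLL that does exist under system32, pass every check here and were identified by the helper on their name alone.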
  • I did not manage to delete Atom Idle Dash Bend. It says it is in use by other programs, but even when I close everything it still says so.

    --------------------------------------------------------
    No LOP jobs found
    --------------------------------------------------------
    Files remaining after cleaning
    Controleren op updates voor Windows Live Toolbar.job
    --------------------------------------------------------
    App data folders
    Het volume in station C heeft geen naam.
    Het volumenummer is C84F-C806

    Map van C:\Documents and Settings\Daan\Application Data

    20-10-2007  09:19    <DIR>          .
    20-10-2007  09:19    <DIR>          ..
    19-10-2007  19:46    <DIR>          Adobe
    09-05-2007  18:26    <DIR>          AdobeUM
    27-12-2005  11:25    <DIR>          Ahead
    26-01-2005  13:25    <DIR>          Atari
    10-07-2006  08:36    <DIR>          Creative
    08-05-2006  15:53    <DIR>          CYBERL~1     CyberLink
    02-02-2007  19:18    <DIR>          DAANNE~1     DaanNevels
    31-05-2005  21:49    <DIR>          DIMAGE
    15-12-2005  17:51    <DIR>          dvdcss
    14-05-2007  08:34    <DIR>          Google
    12-03-2005  14:20    <DIR>          Help
    26-01-2005  10:54    <DIR>          IDENTI~1     Identities
    20-02-2005  18:42    <DIR>          KAZAAL~1     Kazaa Lite
    25-01-2006  18:34    <DIR>          Lavasoft
    20-03-2005  14:08    <DIR>          MACROM~1     Macromedia
    14-09-2007  17:00    <DIR>          MICROS~1     Microsoft
    03-03-2007  09:53    <DIR>          Mozilla
    16-12-2005  15:28    <DIR>          RADLIG~1     RadLight Company
    19-10-2007  16:15    <DIR>          SecuROM
    01-08-2007  20:38    <DIR>          SONYCO~1     Sony Corporation
    18-06-2005  17:40    <DIR>          Sun
    11-03-2006  11:15    <DIR>          Symantec
    27-04-2007  08:25    <DIR>          TEAMSP~1     teamspeak2
    21-09-2007  20:52    <DIR>          Ventrilo
                   0 bestand(en)                0 bytes
                  26 map(pen)  8.666.750.976 bytes beschikbaar

    Het volume in station C heeft geen naam.
    Het volumenummer is C84F-C806

    Map van C:\Documents and Settings\All Users\Application Data

    19-10-2007  16:25    <DIR>          .
    19-10-2007  16:25    <DIR>          ..
    19-10-2007  19:53    <DIR>          Adobe
    19-10-2007  16:25    <DIR>          ATOMID~1     Atom Idle Dash Bend
    25-12-2005  17:40    <DIR>          Avg7
    10-07-2006  08:36    <DIR>          Creative
    30-04-2006  17:30    <DIR>          CYBERL~1     CyberLink
    16-01-2006  18:32    <DIR>          DVDSHR~1     DVD Shrink
    14-05-2007  08:32    <DIR>          Google
    25-05-2006  15:02    <DIR>          MICROS~1     Microsoft
    28-03-2005  11:33    <DIR>          MSNMES~1.060 MSN Messenger 7.0.0604
    01-09-2007  17:41    <DIR>          NPF
    26-01-2005  13:49    <DIR>          NVIEW_~1     nView_Profiles
    05-03-2006  15:59    <DIR>          Pinnacle
    05-06-2005  12:54    <DIR>          QUICKT~1     QuickTime
    01-08-2007  20:33    <DIR>          SONYCO~1     Sony Corporation
    25-01-2006  16:15    <DIR>          SPYBOT~1     Spybot - Search & Destroy
    11-03-2006  11:15    <DIR>          Symantec
    25-09-2007  16:23    <DIR>          TEMP
    25-12-2005  15:37    <DIR>          WINDOW~1     Windows Genuine Advantage
    14-09-2007  16:59    <DIR>          WINDOW~2     Windows Live Toolbar
                   0 bestand(en)                0 bytes
                  21 map(pen)  8.666.750.976 bytes beschikbaar
    --------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:26:15, on 20-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    c:\wamp\apache\Apache.exe
    c:\wamp\mysql\bin\mysqld-nt.exe
    c:\wamp\apache\Apache.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\service.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKCU\..\Run: [coalford] C:\DOCUME~1\Daan\APPLIC~1\1find\TitleMapi16.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?080f636d18cc4a00a631dbdffcc1ea29
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?080f636d18cc4a00a631dbdffcc1ea29
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106731788697
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

    --
    End of file - 7747 bytes
  • Sorry for the double post :(
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
O4 - HKCU\..\Run: [coalford] C:\DOCUME~1\Daan\APPLIC~1\1find\TitleMapi16.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
Click 'Fix checked' to remove the items.
Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
Open Notepad, then copy and paste the following into an empty window:
Folder::
C:\Documents and Settings\All Users\Application Data\Atom Idle Dash Bend\1 tick.exe
C:\DOCUME~1\Daan\APPLIC~1\1find\TitleMapi16.exe
Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix. After your computer restarts (if it asks you to restart), copy and paste the contents of Combofix.txt into your next reply.
  • ComboFix 07-10-23.1 - Daan 2007-10-24 13:23:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.619 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Daan\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Daan\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Atom Idle Dash Bend\1 tick.exe\
C:\Documents and Settings\Daan\Menu Start\Programma's\Outerinfo
C:\Documents and Settings\Daan\Menu Start\Programma's\Outerinfo\Terms.lnk
C:\Documents and Settings\Daan\Menu Start\Programma's\Outerinfo\Uninstall.lnk
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\b116.exe
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\service.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-24 to 2007-10-24 ))))))))))))))))))))))))))))))
.
2007-10-22 14:59 <DIR> dr-h----- C:\Documents and Settings\Daan\Onlangs geopend
2007-10-21 14:52 <DIR> d-------- C:\Documents and Settings\Daan\Application Data\Hamachi
2007-10-21 14:51 <DIR> d-------- C:\Program Files\Hamachi
2007-10-21 14:51 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-20 09:36 <DIR> d-------- C:\Documents and Settings\Daan\Application Data\1find
2007-10-20 09:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-19 17:13 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-10-19 16:45 <DIR> d-------- C:\Program Files\EA Sports
2007-10-19 16:27 <DIR> d-------- C:\Program Files\ContextTool
2007-10-19 16:24 <DIR> d-------- C:\Program Files\1find
2007-10-19 16:15 <DIR> dr-h----- C:\Documents and Settings\Daan\Application Data\SecuROM
2007-10-19 16:15 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-10 13:37 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 13:23 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-03 13:22 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-03 13:22 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 07:14 --------- d-----w C:\Program Files\Virtools Web Player 2.5
2007-10-14 09:41 --------- d-----w C:\Program Files\LimeWire
2007-10-13 09:48 --------- d-----w C:\Program Files\World of Warcraft
2007-10-11 14:49 --------- d-----w C:\Program Files\GalaNet
2007-10-11 14:48 --------- d-----w C:\Program Files\Bulent's Screen Recorder
2007-10-07 10:01 --------- d-----w C:\Program Files\WowReader
2007-09-21 18:52 --------- d-----w C:\Documents and Settings\Daan\Application Data\Ventrilo
2007-09-15 19:02 --------- d-----w C:\Program Files\Microsoft Works
2007-09-15 19:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-14 14:59 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-14 14:59 --------- d-----w C:\Program Files\Windows Live Favorites
2007-09-14 14:58 --------- d-----w C:\Program Files\MSN Messenger
2007-09-04 18:16 --------- d-----w C:\Program Files\Java
2007-09-01 15:47 --------- d-----w C:\Program Files\Creative
2007-09-01 15:45 --------- d-----w C:\Program Files\DivX
2007-09-01 15:44 161 ----a-w C:\Delme.bat
2007-09-01 15:44 --------- d-----w C:\Program Files\SwiftSwitch
2007-09-01 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-01 15:40 5 ----a-w C:\NPF_USER.DAT
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-11 06:33 73 ----a-w C:\Documents and Settings\Daan\n.bat
2007-05-11 06:33 37,364 ----a-w C:\Documents and Settings\Daan\x.dat
2007-05-11 06:33 167 ----a-w C:\Documents and Settings\Daan\1597.bat
2007-05-11 06:32 32,768 ----a-w C:\Documents and Settings\Daan\setup9x.exe
2007-05-10 14:51 167 ----a-w C:\Documents and Settings\Daan\4694.bat
2007-05-10 05:21 167 ----a-w C:\Documents and Settings\Daan\1708.bat
2007-05-09 16:25 167 ----a-w C:\Documents and Settings\Daan\7725.bat
2007-05-09 12:00 167 ----a-w C:\Documents and Settings\Daan\3450.bat
2006-11-12 09:53 68,728 ----a-w C:\Documents and Settings\Daan\Application Data\GDIPFONTCACHEV1.DAT
2006-09-29 10:57 192 ----a-w C:\Documents and Settings\Daan\ggg.bat
2005-02-21 17:15 222,720 ----a-w C:\Documents and Settings\Daan\rebates.exe
2005-07-29 14:24:26 472 --sha-r C:\WINDOWS\RGFhbiBOZXZlbHM\l3I1v21itrt5vJg.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 22:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\WinNB58.dll [ ]
[HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-05 12:54]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"NWEReboot"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 13:12]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToniArts EasyCleaner]
"C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup
R2 wampapache;wampapache;"c:\wamp\apache\Apache.exe" --ntservice
R2 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=C:\WINDOWS\mywamp.ini wampmysqld
*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-24 10:30:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 13:27:01
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-24 13:27:45
C:\ComboFix-quarantined-files.txt ... 2007-06-24 12:49
C:\ComboFix2.txt ... 2007-06-24 12:49
.
--- E O F ---
  • New HJT log, and tell us right away how it's going now.
  • I have the feeling it's already a lot better.. I hardly get any popups anymore.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:47, on 25-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\wamp\apache\Apache.exe
c:\wamp\mysql\bin\mysqld-nt.exe
c:\wamp\apache\Apache.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?080f636d18cc4a00a631dbdffcc1ea29
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?080f636d18cc4a00a631dbdffcc1ea29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106731788697
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
--
End of file - 7270 bytes

This is an archived page. Replying is no longer possible.