

hijackthis

Anonymous
Jaimie
4 answers
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:27:05, on 28/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?5e8f926a371e486f968d9b2605afe8f0
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?5e8f926a371e486f968d9b2605afe8f0
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tabita17.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


    End of file - 9292 bytes

    ———- BENDEBOYS MSNFIX RAPORT ———-
    - Version: 3.5.0.14 - Last Update: 18/10/07
    - Scan performed on: zo 28/10/2007 - 0:21:35,00 By Tabitake
    - Bootmode: Safe Mode

    ((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

    2007-09-28 -18:05:40 - A…. "C:\WINDOWS\system32\DivX.dll"
    2007-09-28 -18:08:18 - A…. "C:\WINDOWS\system32\DivXCodecVersionChecker.exe"
    2007-09-28 -18:07:54 - A…. "C:\WINDOWS\system32\DivXsm.exe"
    2007-09-28 -18:05:08 - A…. "C:\WINDOWS\system32\DivXWMPExtType.dll"
    2007-09-28 -18:05:40 - A…. "C:\WINDOWS\system32\divx_xx0c.dll"
    2007-09-28 -18:05:40 - A…. "C:\WINDOWS\system32\divx_xx07.dll"
    2007-09-28 -18:05:40 - A…. "C:\WINDOWS\system32\divx_xx11.dll"
    2007-09-28 -18:05:50 - A…. "C:\WINDOWS\system32\dpl100.dll"
    2007-09-28 -18:05:42 - A…. "C:\WINDOWS\system32\dpu10.dll"
    2007-09-28 -18:05:42 - A…. "C:\WINDOWS\system32\dpu11.dll"
    2007-09-28 -18:05:44 - A…. "C:\WINDOWS\system32\dpuGUI10.dll"
    2007-09-28 -18:05:42 - A…. "C:\WINDOWS\system32\dpuGUI11.dll"
    2007-09-28 -18:05:42 - A…. "C:\WINDOWS\system32\dpus11.dll"
    2007-09-28 -18:05:42 - A…. "C:\WINDOWS\system32\dpv11.dll"
    2007-09-28 -18:05:50 - A…. "C:\WINDOWS\system32\dtu100.dll"
    2007-09-28 -18:07:44 - A…. "C:\WINDOWS\system32\libdivx.dll"
    2007-09-28 - 7:19:40 - A…. "C:\WINDOWS\system32\MRT.exe"
    2007-09-28 -18:07:48 - ….. "C:\WINDOWS\system32\px.dll"
    2007-09-28 -18:07:48 - ….. "C:\WINDOWS\system32\pxafs.dll"
    2007-09-28 -18:07:48 - ….. "C:\WINDOWS\system32\pxcpya64.exe"
    2007-09-28 -18:07:48 - ….. "C:\WINDOWS\system32\pxcpyi64.exe"
    2007-09-28 -18:07:48 - ….. "C:\WINDOWS\system32\pxdrv.dll"
    2007-09-28 -18:07:50 - ….. "C:\WINDOWS\system32\pxhpinst.exe"
    2007-09-28 -18:07:48 - ….. "C:\WINDOWS\system32\pxinsa64.exe"
    2007-09-28 -18:07:48 - ….. "C:\WINDOWS\system32\pxinsi64.exe"
    2007-09-28 -18:07:50 - ….. "C:\WINDOWS\system32\pxmas.dll"
    2007-09-28 -18:07:50 - ….. "C:\WINDOWS\system32\pxsfs.dll"
    2007-09-28 -18:07:50 - ….. "C:\WINDOWS\system32\pxwave.dll"
    2007-09-28 -18:07:52 - A…. "C:\WINDOWS\system32\qt-dx331.dll"
    2007-09-28 -18:07:44 - A…. "C:\WINDOWS\system32\ssldivx.dll"
    2007-09-28 -18:07:48 - ….. "C:\WINDOWS\system32\vxblock.dll"

    ((((((((((((((( FOUND FILES )))))))))))))))

    »»» Nothing Found.
    »»» HOSTS-file has been cleaned.

    ((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    ———- END OF LOG ———-




  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download Combofix to your Desktop.
    - Double-click Combofix.exe.
    - Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
    - While the fix is running, do NOT click in the window, because that will make your PC hang.
    When the fix has finished and after a restart, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.

    NOTE: If your virus scanner reacts while downloading or using Combofix, you may ignore it.
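To make the helper's manual triage repeatable, here is an added example that is not from this thread or from HijackThis itself: a Python script that parses HJT entry lines and separates the one entry the helper ticked, the orphaned O2 BHO ending in "(no file)", from entries that only need a manual check. The sample log is constructed from entries in the logs posted above, and the rules and function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0.2 format. The entries are copied from
# the kinds of lines in the logs posted in this thread; it is not a full log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:27:05, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\nvsvc32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"""

# One HJT entry: a section tag (R0-R3, O1-O24), " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.+)$")
# The command part of an O4 Run entry: "...\Run: [value name] command line".
RUN_RE = re.compile(r"\\Run: \[[^\]]+\] (?P<cmd>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HJT section tag, e.g. "O2"
    entry: str   # the full line, exactly as it appears in the HJT window
    reason: str  # why it was flagged
    action: str  # "fix": safe to tick and 'Fix checked'; "verify": manual check first


def parse_entries(log_text):
    """Yield (kind, body) for each HJT entry line; header and process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(log_text):
    """Apply three review rules to an HJT log and return the findings in log order."""
    findings = []
    for kind, body in parse_entries(log_text):
        entry = f"{kind} - {body}"
        if kind == "O2" and body.endswith("(no file)"):
            # The BHO CLSID is still registered but its DLL is gone: a leftover
            # registration with nothing to load. Removing the entry is harmless.
            findings.append(Finding(kind, entry, "BHO registered but its DLL is missing", "fix"))
        elif kind == "O4":
            m = RUN_RE.search(body)
            if m and "\\" not in m.group("cmd").split()[0]:
                # A bare file name in a Run value is resolved through the search
                # path at logon, so confirm which file actually gets executed.
                findings.append(Finding(kind, entry, "Run entry without a full path", "verify"))
        elif kind == "O23" and " - Unknown owner - " in body:
            # HJT could not read a company name from the service binary; check
            # the file's publisher before trusting it.
            findings.append(Finding(kind, entry, "service binary has no readable publisher", "verify"))
    return findings


def fix_list(log_text):
    """Lines to tick in HijackThis before 'Fix checked': only the 'fix' findings."""
    return [f.entry for f in triage(log_text) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.action:6} {f.reason}\n       {f.entry}")
```

Running it on the sample gives one "fix" line (the orphaned BHO) and two "verify" lines (the unqualified nwiz.exe Run value and the BlueSoleil service with no readable owner), which matches what the helper ticked.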
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:22:05, on 28/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?5e8f926a371e486f968d9b2605afe8f0
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?5e8f926a371e486f968d9b2605afe8f0
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tabita17.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 8421 bytes

    ComboFix 07-10-28.2 - Tabitake 2007-10-28 21:18:45.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.190 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Tabitake\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))
    .

    2007-10-28 21:17 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-28 10:22 <DIR> d——– C:\WINDOWS\Sun
    2007-10-28 10:22 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-28 10:22 <DIR> dr-h—– C:\Documents and Settings\Administrator\Onlangs geopend
    2007-10-28 10:22 <DIR> d–h—– C:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2007-10-28 10:22 <DIR> dr——- C:\Documents and Settings\Administrator\Mijn documenten
    2007-10-28 10:22 <DIR> dr——- C:\Documents and Settings\Administrator\Menu Start
    2007-10-28 10:22 <DIR> d——– C:\Documents and Settings\Administrator\Bureaublad
    2007-10-27 23:12 <DIR> d——– C:\BendeBoy
    2007-10-27 23:00 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-27 23:00 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-10-27 22:36 <DIR> d–h—– C:\Documents and Settings\Administrator\Sjablonen
    2007-10-27 22:36 <DIR> dr——- C:\Documents and Settings\Administrator\Favorieten
    2007-10-27 21:40 <DIR> d——– C:\Documents and Settings\Tabitake\.housecall6.6
    2007-10-23 21:32 <DIR> d——– C:\WINDOWS\system32\ActiveScan
    2007-10-23 21:19 <DIR> d——– C:\WINDOWS\BDOSCAN8
    2007-10-23 18:09 45,056 –a—— C:\WINDOWS\system32\ftp.exe
    2007-10-23 18:09 17,408 –a—— C:\WINDOWS\system32\tftp.exe
    2007-10-22 19:58 <DIR> d–h—– C:\WINDOWS\PIF
    2007-10-15 20:30 <DIR> d——– C:\Documents and Settings\Tabitake\Application Data\Talkback
    2007-10-11 18:02 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-09-28 17:08 156,992 –a—— C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-28 17:07 3,596,288 –a—— C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 17:07 1,044,480 –a—— C:\WINDOWS\system32\libdivx.dll
    2007-09-28 17:07 524,288 –a—— C:\WINDOWS\system32\DivXsm.exe
    2007-09-28 17:07 200,704 –a—— C:\WINDOWS\system32\ssldivx.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-28 17:53 ——— d—–w C:\Documents and Settings\Tabitake\Application Data\AVG7
    2007-10-28 09:21 ——— d—–w C:\Documents and Settings\Tabitake\Application Data\AdobeUM
    2007-10-23 16:52 ——— d—–w C:\Program Files\Opera
    2007-10-23 16:49 ——— d—–w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2007-10-15 21:07 ——— d—–w C:\Program Files\DivX
    2007-10-15 19:33 ——— d—–w C:\Program Files\Windows Media Connect 2
    2007-10-15 19:33 ——— d—–w C:\Program Files\Windows Live Toolbar
    2007-10-15 19:33 ——— d—–w C:\Program Files\PIXresizer
    2007-10-15 19:33 ——— d—–w C:\Program Files\BOB-DEBOECK
    2007-10-11 20:26 ——— d—–w C:\Documents and Settings\Tabitake\Application Data\gtk-2.0
    2007-09-28 16:07 9,464 ——w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-09-28 16:07 9,336 ——w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-09-28 16:07 43,528 ——w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-09-28 16:07 129,784 ——w C:\WINDOWS\system32\pxafs.dll
    2007-09-28 16:07 120,056 ——w C:\WINDOWS\system32\pxcpyi64.exe
    2007-09-28 16:07 118,520 ——w C:\WINDOWS\system32\pxinsi64.exe
    2007-09-28 16:05 823,296 —-a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-28 16:05 823,296 —-a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-28 16:05 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 16:05 802,816 —-a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-28 16:05 739,840 —-a-w C:\WINDOWS\system32\DivX.dll
    2007-09-28 16:05 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-09-28 16:05 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-09-28 16:05 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-09-28 16:05 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-09-28 16:05 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-09-28 16:05 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-09-28 16:05 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-09-28 16:05 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-09-18 17:59 ——— d—–w C:\Program Files\Windows Live
    2007-09-18 17:59 ——— d—–w C:\Program Files\MSN Messenger
    2007-09-18 17:59 ——— d—–w C:\Program Files\Messenger Plus! Live
    2007-09-18 17:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-09-17 17:59 ——— d—–w C:\Program Files\Windows Live Favorites
    2007-09-17 17:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 271,224 —-a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 17:19 207,736 —-a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 17:00]
    "nwiz"="nwiz.exe" [2003-09-24 17:00 C:\WINDOWS\system32\nwiz.exe]
    "00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-05-23 13:13]
    "000StTHK"="000StTHK.exe" [2001-06-23 19:28 C:\WINDOWS\system32\000StTHK.exe]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe" [2003-08-03 15:01]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 18:25]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 18:23]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-18 09:06 C:\WINDOWS\ltsmmsg.exe]
    "TFNF5"="TFNF5.exe" [2003-07-18 16:41 C:\WINDOWS\system32\TFNF5.exe]
    "NDSTray.exe"="NDSTray.exe" []
    "TPSMain"="TPSMain.exe" [2003-10-02 13:27 C:\WINDOWS\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" []
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 12:55]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-27 21:22]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-03-29 12:54]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-28 21:10]
    "BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 16:13]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys
    R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
    S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys
    S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-28 20:08:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-28 21:20:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-28 21:21:32
    .
    — E O F —






  • Looks clean, any more problems???


This is an archived page. Replying is no longer possible.