Vraag & Antwoord

Beveiliging & privacy

Hijack This logje

16 antwoorden
  • Hallo, Kan iemand mij dit logje even conroleren. Ik heb namelijk last van virusmeldingen en pop-ups. b.v.d., kevin Logfile of HijackThis v1.99.1 Scan saved at 15:08:37, on 26-12-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CmUCReye.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Creative\News\NewsUpd.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Opera\Opera.exe C:\downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-partycrew.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\downloads\real\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS\Application Data\Software rule flag owns\NEW EACH.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Proc Spam] C:\DOCUME~1\kevin\APPLIC~1\ONESTY~1\dart bias surf.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pmke.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  • Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:4e639a7608] O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS\Application Data\Software rule flag owns\NEW EACH.exe O4 - HKCU\..\Run: [Proc Spam] C:\DOCUME~1\kevin\APPLIC~1\ONESTY~1\dart bias surf.exe O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll [/b:4e639a7608] Klik op 'Fix checked' om de items te verwijderen. Open de verkenner ("Mijn Computer") en kies [b:4e639a7608]Extra[/b:4e639a7608] -> [b:4e639a7608]Mapopties...[/b:4e639a7608] Controleer onder [b:4e639a7608]Weergave[/b:4e639a7608] de volgende instellingen: Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen) Uitzetten: Extensies voor bekende bestandstypen verbergen Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP) Selecteer: Verborgen bestanden en mappen weergeven Verwijder de volgende directories: C:\Documents and Settings\All Users.WINDOWS\Application Data\[b:4e639a7608]Software rule flag owns[/b:4e639a7608]\ C:\DOCUME~1\kevin\APPLIC~1\[b:4e639a7608]ONESTY~1[/b:4e639a7608]\ Download dit bestand: [url=http://home.hetnet.nl/~stefsmeenk/tools/deljob.exe][b:4e639a7608]Deljob.exe[/b:4e639a7608][/url] Plaats het op je bureaublad. Indien je virusscanner de download van deljob.exe blokkeert, schakel dan tijdelijk je virusscanner uit of download de zip-versie [url=http://members.lycos.nl/deljob/deljob.zip][b:4e639a7608]deljob.zip[/b:4e639a7608][/url] en pak deze uit naar je Bureaublad. Dubbelklik [b:4e639a7608]Deljob.exe[/b:4e639a7608]. Een logje(logit.txt) zal openen, het bestandje kan je ook terugvinden op je bureaublad. Post de inhoud van [b:4e639a7608]logit.txt[/b:4e639a7608] in je volgende bericht. plus een nieuw hjt logje
  • -------------------------------------------------------- File(s) moved to C:\deljob A36768A891851F40.job -------------------------------------------------------- Files remaining after cleaning AppleSoftwareUpdate.job HP Usg Daily.job -------------------------------------------------------- App data folders De volumenaam van station C is BOOT Het volumenummer is 404E-7453 Map van C:\Documents and Settings\kevin\Application Data 03-01-2008 20:40 <DIR> . 03-01-2008 20:40 <DIR> .. 17-01-2007 18:18 <DIR> Adobe 08-01-2007 16:45 <DIR> APPLEC~1 Apple Computer 09-11-2006 14:37 <DIR> Google 10-09-2007 16:25 <DIR> GrabIt 14-09-2007 19:28 <DIR> Grisoft 22-07-2007 21:00 <DIR> HP 19-11-2007 18:13 <DIR> IDENTI~1 Identities 18-12-2006 20:28 <DIR> IMVU 12-01-2007 20:03 <DIR> Lavasoft 29-05-2007 15:49 <DIR> MACROM~1 Macromedia 22-07-2007 18:13 <DIR> MEDIAP~1 Media Player Classic 23-11-2007 18:55 <DIR> MICROG~1 Microgaming 21-09-2007 17:25 <DIR> MICROS~1 Microsoft 03-08-2007 18:50 <DIR> Opera 12-03-2007 09:24 <DIR> Real 25-10-2007 16:53 <DIR> Samsung 21-09-2007 17:23 <DIR> SCREAM~1 Screaming Bee 02-10-2007 18:20 <DIR> Skype 15-11-2006 18:32 <DIR> Sun 25-10-2007 12:30 <DIR> TEAMSP~1 teamspeak2 08-01-2007 14:18 <DIR> TORREN~1 Torrent101 28-09-2007 21:19 <DIR> U3 21-06-2007 16:28 <DIR> ULEADS~1 Ulead Systems 06-06-2007 12:21 <DIR> Xfire 08-12-2006 20:14 <DIR> Zylom 0 bestand(en) 0 bytes 27 map(pen) 36.247.666.688 bytes beschikbaar De volumenaam van station C is BOOT Het volumenummer is 404E-7453 Map van C:\Documents and Settings\All Users.WINDOWS\Application Data 03-01-2008 20:34 <DIR> . 03-01-2008 20:34 <DIR> .. 08-12-2007 19:09 <DIR> Adobe 04-10-2007 12:57 <DIR> Apple 14-11-2007 17:09 <DIR> APPLEC~1 Apple Computer 08-11-2006 10:23 <DIR> Google 14-09-2007 19:28 <DIR> Grisoft 22-07-2007 17:32 <DIR> HP 24-11-2007 23:21 <DIR> Logishrd 24-11-2007 23:20 <DIR> Logitech 07-09-2007 15:44 <DIR> MESSEN~1 Messenger Plus! 24-12-2007 22:43 <DIR> MICROS~1 Microsoft 05-05-2007 16:12 <DIR> MUVEET~1 muvee Technologies 27-03-2007 14:31 <DIR> NCHSWI~1 NCH Swift Sound 14-11-2006 14:39 <DIR> NETWOR~1 Network Associates 06-11-2006 17:36 <DIR> NVIDIA 11-06-2007 12:06 <DIR> NVIEW_~1 nView_Profiles 21-09-2007 17:23 <DIR> SCREAM~1 Screaming Bee 19-12-2006 13:55 <DIR> Skype 27-12-2007 11:41 <DIR> SPYBOT~1 Spybot - Search & Destroy 21-06-2007 16:26 <DIR> ULEADS~1 Ulead Systems 29-11-2006 14:28 <DIR> WINDOW~1 Windows Genuine Advantage 08-12-2006 20:14 <DIR> Zylom 0 bestand(en) 0 bytes 23 map(pen) 36.247.666.688 bytes beschikbaar --------------------------------------------------------
  • Logfile of HijackThis v1.99.1 Scan saved at 20:42:43, on 3-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTSvcCDA.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\CmUCReye.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Opera\Opera.exe C:\downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-partycrew.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\downloads\real\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Proc Spam] C:\DOCUME~1\kevin\APPLIC~1\ONESTY~1\dart bias surf.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pmke.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe Bedankt!!
  • wil je voor je volgend logje de juiste versie van HJT gebruiken aub. http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe Het is niet weg denk ik. Schakel [b:0e149a82fc]Spybot's TeaTimer[/b:0e149a82fc] even uit, omdat deze de fix in de weg kan zitten: - Start Spybot - Ga naar Mode > selecteer Advanced Mode - Ga naar Tools en klik op het Resident-icoon in de lijst - Haal het vinkje weg bij Resident [b:0e149a82fc]TeaTimer[/b:0e149a82fc] en klik OK - Herstart de computer Download vervolgens [url=http://downloads.subratam.org/ResetTeaTimer.bat] ResetTeaTimer.bat[/url] naar je Bureaublad. Dubbelklik op [b:0e149a82fc]ResetTeaTimer.bat[/b:0e149a82fc] om alle entries in [b:0e149a82fc] TeaTimer[/b:0e149a82fc] te verwijderen. [i:0e149a82fc]Als de computer schoon is, kun je [b:0e149a82fc]TeaTimer[/b:0e149a82fc] weer aan zetten [/i:0e149a82fc] Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:0e149a82fc] O4 - HKCU\..\Run: [Proc Spam] C:\DOCUME~1\kevin\APPLIC~1\ONESTY~1\dart bias surf.exe [/b:0e149a82fc] Klik op 'Fix checked' om de items te verwijderen. Open de verkenner ("Mijn Computer") en kies [b:0e149a82fc]Extra[/b:0e149a82fc] -> [b:0e149a82fc]Mapopties...[/b:0e149a82fc] Controleer onder [b:0e149a82fc]Weergave[/b:0e149a82fc] de volgende instellingen: Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen) Uitzetten: Extensies voor bekende bestandstypen verbergen Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP) Selecteer: Verborgen bestanden en mappen weergeven Verwijder de volgende directories: ( desnoods in veilige modus ) C:\Documents and Settings\kevin\Application Data\[b:0e149a82fc]ONESTY~1[/b:0e149a82fc]\ run nogmaals de Deljob fix aub. Maak een nieuw HJT logje en plaats ook de deljob uitslag aub.
  • -------------------------------------------------------- File(s) moved to C:\deljob A36768A891851F40.job -------------------------------------------------------- Files remaining after cleaning AppleSoftwareUpdate.job HP Usg Daily.job -------------------------------------------------------- App data folders De volumenaam van station C is BOOT Het volumenummer is 404E-7453 Map van C:\Documents and Settings\kevin\Application Data 05-01-2008 17:02 <DIR> . 05-01-2008 17:02 <DIR> .. 17-01-2007 18:18 <DIR> Adobe 08-01-2007 16:45 <DIR> APPLEC~1 Apple Computer 09-11-2006 14:37 <DIR> Google 10-09-2007 16:25 <DIR> GrabIt 14-09-2007 19:28 <DIR> Grisoft 22-07-2007 21:00 <DIR> HP 19-11-2007 18:13 <DIR> IDENTI~1 Identities 18-12-2006 20:28 <DIR> IMVU 12-01-2007 20:03 <DIR> Lavasoft 29-05-2007 15:49 <DIR> MACROM~1 Macromedia 22-07-2007 18:13 <DIR> MEDIAP~1 Media Player Classic 23-11-2007 18:55 <DIR> MICROG~1 Microgaming 21-09-2007 17:25 <DIR> MICROS~1 Microsoft 03-08-2007 18:50 <DIR> Opera 12-03-2007 09:24 <DIR> Real 25-10-2007 16:53 <DIR> Samsung 21-09-2007 17:23 <DIR> SCREAM~1 Screaming Bee 02-10-2007 18:20 <DIR> Skype 15-11-2006 18:32 <DIR> Sun 25-10-2007 12:30 <DIR> TEAMSP~1 teamspeak2 08-01-2007 14:18 <DIR> TORREN~1 Torrent101 28-09-2007 21:19 <DIR> U3 21-06-2007 16:28 <DIR> ULEADS~1 Ulead Systems 06-06-2007 12:21 <DIR> Xfire 08-12-2006 20:14 <DIR> Zylom 0 bestand(en) 0 bytes 27 map(pen) 37.137.731.584 bytes beschikbaar De volumenaam van station C is BOOT Het volumenummer is 404E-7453 Map van C:\Documents and Settings\All Users.WINDOWS\Application Data 03-01-2008 20:34 <DIR> . 03-01-2008 20:34 <DIR> .. 08-12-2007 19:09 <DIR> Adobe 04-10-2007 12:57 <DIR> Apple 14-11-2007 17:09 <DIR> APPLEC~1 Apple Computer 08-11-2006 10:23 <DIR> Google 14-09-2007 19:28 <DIR> Grisoft 22-07-2007 17:32 <DIR> HP 24-11-2007 23:21 <DIR> Logishrd 24-11-2007 23:20 <DIR> Logitech 07-09-2007 15:44 <DIR> MESSEN~1 Messenger Plus! 24-12-2007 22:43 <DIR> MICROS~1 Microsoft 05-05-2007 16:12 <DIR> MUVEET~1 muvee Technologies 27-03-2007 14:31 <DIR> NCHSWI~1 NCH Swift Sound 14-11-2006 14:39 <DIR> NETWOR~1 Network Associates 06-11-2006 17:36 <DIR> NVIDIA 11-06-2007 12:06 <DIR> NVIEW_~1 nView_Profiles 21-09-2007 17:23 <DIR> SCREAM~1 Screaming Bee 19-12-2006 13:55 <DIR> Skype 27-12-2007 11:41 <DIR> SPYBOT~1 Spybot - Search & Destroy 21-06-2007 16:26 <DIR> ULEADS~1 Ulead Systems 29-11-2006 14:28 <DIR> WINDOW~1 Windows Genuine Advantage 08-12-2006 20:14 <DIR> Zylom 0 bestand(en) 0 bytes 23 map(pen) 37.137.731.584 bytes beschikbaar -------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:04:01, on 5-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\CmUCReye.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\vsnpstd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-partycrew.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\downloads\real\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Policies\Explorer\Run: [{404E7453-0BB7-1043-1007-05092205001f}] "C:\Program Files\Common Files\{404E7453-0BB7-1043-1007-05092205001f}\Update.exe" mc-110-12-0001411 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pmke.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 12103 bytes
  • Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:850fcad28a] O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [/b:850fcad28a] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. verder netjes, hoe is het met de problemen ?
  • Lijkt goed zo. Bedankt! pmke
  • Ow, nog een vraagje/probleempje. Ik gebruik dus opera en de fouten van elke site worden telkens weergegeven in een foutenconsole. Dit bericht opent zich dus elke minuut. Hoe krijg ik dit weg of in iedere geval uitgeschakeld? Bedankt! Pmke
  • Dat weet ik helaas niet vraag dat hier eens, http://forum.computertotaal.nl/phpBB2/viewforum.php?f=10
  • Ja hoor! Nu heb ik weer ineens pop-up's. Dat terwijl ik niet eens vaak met explorer werk. Hier is weer een nieuw HJT-logje. Sorry voor het ongemak. Pmke Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:24:50, on 9-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\CmUCReye.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pmke.hyves.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\downloads\real\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Policies\Explorer\Run: [{404E7453-0BB7-1043-1007-05092205001f}] "C:\Program Files\Common Files\{404E7453-0BB7-1043-1007-05092205001f}\Update.exe" mc-110-12-0001411 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pmke.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 11947 bytes
  • Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:4cf31396f8]Combofix[/b:4cf31396f8][/url] naar je Bureaublad. Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate. OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:4cf31396f8]download Combofix opnieuw[/b:4cf31396f8]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![list:4cf31396f8] Dubbelklik op [b:4cf31396f8]Combofix.exe[/b:4cf31396f8] Volg de instructies, aanvaard de disclaimer door [b:4cf31396f8]1[/b:4cf31396f8] (continue) te typen, gevolgd door [b:4cf31396f8]ENTER[/b:4cf31396f8]. Tijdens het runnen van de fix, [b:4cf31396f8]NIET[/b:4cf31396f8] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:4cf31396f8] Wanneer de fix voltooid is en na herstart, zal de log [b:4cf31396f8]combofix.txt[/b:4cf31396f8] openen. [i:4cf31396f8]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:4cf31396f8]
  • ComboFix 08-01-11.1 - kevin 2008-01-11 16:52:38.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.424 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\kevin\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Kevin Lammers.KEVIN-01A047CFC\Application Data\Starware C:\Documents and Settings\Kevin Lammers.KEVIN-01A047CFC\Application Data\Starware\Manager\ManagerOptions.xml C:\Documents and Settings\Kevin Lammers.KEVIN-01A047CFC\Application Data\Starware\Manager\ManagerOptions.xml.backup C:\Program Files\Common Files\{304E7~1 C:\Program Files\Common Files\{404E7~1 . (((((((((((((((((((( Bestanden Gemaakt van 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))) . 2008-01-11 16:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-06 16:12 . 2008-01-06 16:12 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-06 14:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-01-06 14:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-06 14:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-05 23:09 . 2008-01-05 23:09 244 --ah----- C:\sqmnoopt04.sqm 2008-01-05 23:09 . 2008-01-05 23:09 244 --ah----- C:\sqmnoopt03.sqm 2008-01-05 23:09 . 2008-01-05 23:09 232 --ah----- C:\sqmdata04.sqm 2008-01-05 23:09 . 2008-01-05 23:09 232 --ah----- C:\sqmdata03.sqm 2008-01-05 23:08 . 2008-01-05 23:08 268 --ah----- C:\sqmdata02.sqm 2008-01-05 23:08 . 2008-01-05 23:08 244 --ah----- C:\sqmnoopt02.sqm 2008-01-05 23:01 . 2008-01-05 23:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 23:01 . 2008-01-05 23:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-01-05 22:59 . 2008-01-05 22:59 244 --ah----- C:\sqmnoopt01.sqm 2008-01-05 22:59 . 2008-01-05 22:59 232 --ah----- C:\sqmdata01.sqm 2008-01-05 16:50 . 2008-01-05 16:50 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-03 20:40 . 2008-01-03 20:40 <DIR> d-------- C:\deljob 2008-01-02 17:22 . 2008-01-02 17:22 <DIR> d-------- C:\Program Files\ONESTYLEDATE 2007-12-27 11:03 . 2007-12-27 11:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2007-12-24 22:42 . 2006-12-15 06:40 1,513,120 -ra------ C:\WINDOWS\system32\drivers\lvpopflt.sys 2007-12-24 22:42 . 2006-12-15 06:42 1,090,720 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys 2007-12-24 22:42 . 2003-02-21 13:42 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll 2007-12-24 22:42 . 2006-12-15 06:38 133,920 -ra------ C:\WINDOWS\system32\lvcoinst.dll 2007-12-24 22:42 . 2006-12-15 06:42 22,432 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys 2007-12-24 22:42 . 2008-01-11 15:57 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs 2007-12-24 22:36 . 2007-12-24 22:36 <DIR> d-------- C:\Program Files\Common Files\Logitech 2007-12-21 17:05 . 2007-12-21 17:05 <DIR> d-------- C:\Program Files\Circle Developement 2007-12-18 20:47 . 2007-12-18 20:47 <DIR> d-------- C:\Program Files\Free Sound Recorder . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-06 18:36 --------- d-----w C:\Program Files\Opera 2008-01-05 22:07 --------- d-----w C:\Program Files\MSN Messenger 2008-01-05 22:01 --------- d-----w C:\Program Files\Windows Live 2007-12-25 10:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-25 10:32 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-12-24 21:42 --------- d-----w C:\Program Files\Common Files\logishrd 2007-12-21 16:11 --------- d-----w C:\Program Files\Messenger Plus! Live 2007-12-19 16:27 --------- d-----w C:\Program Files\UnibetpokerMPP 2007-12-19 16:27 --------- d-----w C:\Program Files\Ahead 2007-11-29 09:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-29 09:40 --------- d-----w C:\Program Files\Activision 2007-11-24 22:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Logishrd 2007-11-24 22:20 --------- d-----w C:\Program Files\Logitech 2007-11-24 22:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech 2007-11-23 17:55 --------- d-----w C:\Documents and Settings\kevin\Application Data\Microgaming 2007-11-14 16:12 --------- d-----w C:\Program Files\iTunes 2007-11-14 16:12 --------- d-----w C:\Program Files\iPod 2007-11-14 16:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-28 16:10 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-24 17:57 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll 2007-10-21 17:51 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-12 00:57 195,096 ----a-w C:\WINDOWS\system32\lvci1150.dll 2006-08-06 13:47 4,096 ----a-w C:\Documents and Settings\Kevin Lammers.KEVIN-01A047CFC\log.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "PVR"="C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 13:23 68856] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-22 23:21 7282688] "nwiz"="nwiz.exe" [2005-09-22 23:21 1519616 C:\WINDOWS\system32\nwiz.exe] "CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-06-22 19:17 237568] "NvMediaCenter"="NvMCTray.dll" [2005-09-22 23:21 86016 C:\WINDOWS\system32\nvmctray.dll] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 15:21 176128] "HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 11:33 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 06:21 491520] "NewsUpd"="C:\Program Files\Creative\News\NewsUpd.exe" [ ] "RTHDCPL"="RTHDCPL.EXE" [2005-08-18 15:20 14820864 C:\WINDOWS\RTHDCPL.EXE] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 06:37 35328] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 19:03 155648] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl] "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 13:08 20480] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 13:54 339968] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "QuickTime Task"="C:\downloads\real\QTTask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832] "LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2006-12-22 12:31 244512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "{404E7453-0BB7-1043-1007-05092205001f}"= "C:\Program Files\Common Files\{404E7453-0BB7-1043-1007-05092205001f}\Update.exe" mc-110-12-0001411 R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-17 14:52] R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 21:11] R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2006-06-24 01:39] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 14:38] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7503b317-6dd8-11dc-8c07-0040f479f06f}] \Shell\AutoRun\command - J:\LaunchU3.exe -a *Newly Created Service* - ENTDRV51 *Newly Created Service* - PROCEXP90 . Inhoud van de 'Gedeelde Taken' map "2007-12-26 16:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-10 16:49:00 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-11 16:55:32 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-01-11 16:56:11 ComboFix-quarantined-files.txt 2008-01-11 15:56:09 . 2008-01-09 17:32:00 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:57:36, on 11-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\CmUCReye.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pmke.hyves.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\downloads\real\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Policies\Explorer\Run: [{404E7453-0BB7-1043-1007-05092205001f}] "C:\Program Files\Common Files\{404E7453-0BB7-1043-1007-05092205001f}\Update.exe" mc-110-12-0001411 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pmke.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 11690 bytes
  • ziet er schoon uit zo. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen. Verwijder de volgende map: C:\[b:c97f32bea6]Qoobox[/b:c97f32bea6]\ Verwijder ComboFix via [b:c97f32bea6]Start[/b:c97f32bea6] > [b:c97f32bea6]Uitvoeren[/b:c97f32bea6], kopiëer en plak [b:c97f32bea6]Combofix /U[/b:c97f32bea6], kies optie 2 en Enter. Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan. [img:c97f32bea6]http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png[/img:c97f32bea6] hoe is het nu met je problemen??
  • Zover ik weet goed. In ieder geval bedankt! Alleen het probleempje met de foutenconsole waar ik nog steeds gek van wordt. Ik heb nog steeds geen antwoord gekregen. Weet jij misschien waar ik het ook zou kunnen proberen? MVG, Kevin
  • http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=184394 al gevonden zie ik.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.