Small Google problem

21 replies
  • When I search for a site on Google everything goes fine; I get an overview of all the websites, just as it normally does.

    However, when I click on a link I very often end up on a completely different site.

    For example on daytotals.com, and from there you are often redirected again to yet another site.

    If, for example, I search for computer in Google and click the first site, I end up here: http://www-search.net/computer.cfm?pt=2&rpt=1&kt=1

    If I then go back to Google with 'back' and click the same link once more, it often does work.

    I have already had Ad-Aware do a full system scan, but it does not solve anything.

    Does anyone have any idea?
  • try a scan with Spybot 'Search and Destroy' as well.. I am still thinking of spyware/adware or the like..

    http://www.safer-networking.org

    good luck..
  • Tried it, but unfortunately without result.

    Thanks for the tip anyway!
  • and if you use a different browser? Firefox or the like?
  • I already use Firefox.

    But the problem occurs in both Firefox and IE.
  • it will probably be a mangled hosts file.
    It is dealt with in this topic: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=183842&start=0&postdays=0&postorder=asc&highlight=hosts
  • Just post a HijackThis log, then someone will take a look at it.
  • I have modified the hosts file.

    It seems to be going well now; I tried it briefly and so far everything is as it should be again.

    Thanks for the replies!
  • We are a few hours further on.

    So it is still not right; this afternoon it seemed to be going reasonably well, but now it only seems to have got worse.

    Does anyone have any more suggestions?
  • I don't know how it is for others, but that "hosts" file is a "text editable" file (Notepad) that contains just 1 address (localhost)….. And that is the only "working" line.
    So what that hosts file "does"…..? :roll: I would love to hear it!!

    In this case it looks (in my opinion) more like a corrupt DNS cache. Right…?
    Via the command prompt (Run - cmd): ipconfig /flushdns
    That sometimes helps as well….. :wink:
  • [quote="lion"]I don't know how it is for others, but that "hosts" file is a "text editable" file (Notepad) that contains just 1 address (localhost)….. And that is the only "working" line.
    So what that hosts file "does"…..? :roll: I would love to hear it!!

    In this case it looks (in my opinion) more like a corrupt DNS cache. Right…?
    Via the command prompt (Run - cmd): ipconfig /flushdns
    That sometimes helps as well….. :wink:[/quote]
    I now have a hosts file with a number of extra lines; these list sites that you had better not visit, and so they are blocked.

    I tried flushdns but it does not seem to do anything.
  • One more thing, following up on gerben's post: here is a HijackThis log from my PC.

    [code:1:e6ce007603]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:35:35, on 30-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D18C5D-4473-4B58-AFA5-201DC465AD13}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0FB05B-EF38-4B05-8DF6-9F2F63D24CDD}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7FF2F96A-5083-4286-BBD6-DB1C4749154D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81327D8A-D6B2-4462-87A9-B465D92C72C1}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E8A80588-1F16-47E2-A15E-B7E0190C35F0}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.64
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 85.255.114.108,85.255.112.64
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.64
    O17 - HKLM\System\CS3\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 85.255.114.108,85.255.112.64
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 10007 bytes
    [/code:1:e6ce007603]
  • Download the WareOutfix from one of these two sites:
    - http://downloads.subratam.org/Fixwareout.exe
    - http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    Save it to your Desktop and run it.
    Click Next, then Install,
    make sure that Run fixit is checked and click Finish.
    The fix will begin; follow the instructions you are given.
    You will be asked whether you want to restart your PC; do so.
    Your computer will now start up somewhat more slowly; this is normal.
    As soon as your Desktop has loaded, a text file will open (report.txt).


    If you have problems with the internet connection, do the following:
    Go to the Control Panel and click "Network Connections". Right-click your default connection and choose "Properties".
    Click the "General" tab and double-click "Internet Protocol (TCP/IP)". Select "Obtain DNS server address automatically".

    Go to Start – Run and type "cmd"
    Press Enter.
    Then type: ipconfig /flushdns
    Press Enter.
    Close the window.

    Post the Wareoutfix log together with a fresh HijackThis log in your next message :)
  • Wareoutfix:

    [code:1:1869e70cc3]Username "Paul" - 04-01-2008 15:28:08 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdhai.exe"

    De DNS-omzettingscache is leeggemaakt.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ….
    ….
    ~~~~~ Misc files.
    ….
    ~~~~~ Checking for older varients.
    ….
    ~~~~~ Other
    C:\WINDOWS\Temp\kdhai.ren 73749 13-06-2007

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "JMB36X IDE Setup"="C:\\WINDOWS\\JM\\JMInsIDE.exe"
    "36X Raid Configurer"="C:\\WINDOWS\\system32\\JMRaidSetup.exe boot"
    "Ai Quicker Help"="\"C:\\Program Files\\ASUS\\ASUS DH Remote\\AsRc.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"
    "NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMBgMonitor.exe\""
    "CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "PC Suite Tray"="\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe\" -onlytray"
    ….
    Hosts file was reset, If you use a custom hosts file please replace it…
    ~~~~~ End report ~~~~~
    [/code:1:1869e70cc3]

    HijackThis:

    [code:1:1869e70cc3]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:35:11, on 4-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D18C5D-4473-4B58-AFA5-201DC465AD13}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0FB05B-EF38-4B05-8DF6-9F2F63D24CDD}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7FF2F96A-5083-4286-BBD6-DB1C4749154D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81327D8A-D6B2-4462-87A9-B465D92C72C1}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.64
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 85.255.114.108,85.255.112.64
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 9450 bytes
    [/code:1:1869e70cc3]


    These are the logs.
  • Please turn off Windows Defender Real Time Protection because it can interfere with the fix. To turn it off:
    - Open Windows Defender
    - Click Tool
    - Click General Settings
    - Scroll to Real Time Protection Options
    - Uncheck Turn on Real Time Protection (recommended)
    - Click Save
    - Close Windows Defender
    Once your log is clean you can turn it back on.

    Spybot's TeaTimer is active; it can hinder the fix, so we will temporarily disable it.
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Uncheck Resident TeaTimer and click OK
    - Restart the computer
    - Then download ResetTeaTimer.bat to your Desktop.
    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

    Afterwards, turn one of the two back on, to prevent conflicts!

    Start HijackThis, choose 'Do a system scan only' and check the lines below:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D18C5D-4473-4B58-AFA5-201DC465AD13}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0FB05B-EF38-4B05-8DF6-9F2F63D24CDD}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7FF2F96A-5083-4286-BBD6-DB1C4749154D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81327D8A-D6B2-4462-87A9-B465D92C72C1}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.64
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 85.255.114.108,85.255.112.64
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

    Now close all open windows except HijackThis and click 'Fix checked'.

    Now run Wareoutfix again.
    Post the log in your next post together with a new HijackThis log file.

    Good luck!

    Pim
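
Added example, not part of the thread and not code from HijackThis or Fixwareout: a small parser for the O17 NameServer lines discussed above that reports which registry control sets still hold resolvers the current control set (CCS) does not use. The two sample logs are trimmed copies of the O17 lines posted in this thread; the function names are hypothetical, and the script does not decide which resolver is legitimate, it only shows where the control sets disagree.

```python
import ipaddress
import re
from collections import defaultdict

# Matches HijackThis O17 lines that carry a NameServer value, e.g.
#   O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = a.b.c.d e.f.g.h
# Other O17 values (Domain, SearchList) are ignored on purpose.
O17_RE = re.compile(
    r"^[ \t]*O17 - HKLM\\System\\(CCS|CS\d+)\\Services\\Tcpip\\"
    r"(Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (.+)$",
    re.MULTILINE,
)

# Constructed samples: O17 lines trimmed from the two HijackThis logs in this thread.
LOG_30_DEC = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.64
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

LOG_4_JAN = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E21F72C-104C-4D20-8612-15EDC9A60611}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.64
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""


def parse_o17(log_text):
    """Return (control_set, scope, servers) tuples for every O17 NameServer line."""
    entries = []
    for control_set, scope, value in O17_RE.findall(log_text):
        servers = []
        # HijackThis shows the raw registry value, so the separator can be
        # a comma or a space (both occur in the logs above).
        for token in re.split(r"[,\s]+", value.strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # skip empty or malformed tokens instead of aborting
        entries.append((control_set, scope, tuple(servers)))
    return entries


def resolvers_by_control_set(entries):
    """Collapse global and per-interface entries into one resolver set per control set."""
    by_set = defaultdict(set)
    for control_set, _scope, servers in entries:
        by_set[control_set].update(servers)
    return dict(by_set)


def divergent_control_sets(entries, current="CCS"):
    """Map each non-current control set to the resolvers it holds that `current` lacks."""
    by_set = resolvers_by_control_set(entries)
    active = by_set.get(current, set())
    report = {}
    for control_set, servers in by_set.items():
        extra = servers - active
        if control_set != current and extra:
            ordered = sorted(extra, key=lambda ip: (ip.version, int(ip)))
            report[control_set] = [str(ip) for ip in ordered]
    return report


if __name__ == "__main__":
    for label, log in (("30-12-2007", LOG_30_DEC), ("4-1-2008", LOG_4_JAN)):
        print(label, divergent_control_sets(parse_o17(log)))
```

Run against a full saved HijackThis log, an empty result means every control set agrees with CCS on its resolvers; any entry left in the report is a control set to review before it is ever booted (for example via Last Known Good Configuration).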
  • New logs:

    [code:1:0d264eb038]Username "Paul" - 04-01-2008 16:32:06 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    De DNS-omzettingscache is leeggemaakt.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ….
    ….
    ~~~~~ Misc files.
    ….
    ~~~~~ Checking for older varients.
    ….
    ~~~~~ Other
    C:\WINDOWS\Temp\kdhai.ren 73749 13-06-2007

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "JMB36X IDE Setup"="C:\\WINDOWS\\JM\\JMInsIDE.exe"
    "36X Raid Configurer"="C:\\WINDOWS\\system32\\JMRaidSetup.exe boot"
    "Ai Quicker Help"="\"C:\\Program Files\\ASUS\\ASUS DH Remote\\AsRc.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"
    "NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMBgMonitor.exe\""
    "CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "PC Suite Tray"="\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe\" -onlytray"
    ….
    Hosts file was reset, If you use a custom hosts file please replace it…
    ~~~~~ End report ~~~~~[/code:1:0d264eb038]


    [code:1:0d264eb038]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:36:32, on 4-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 8073 bytes
    [/code:1:0d264eb038]
  • Great :)

    Download Combofix to your desktop

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is finished and after the restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.

    Good luck!
    Pim
  • Combofixlogfilebecausewedonthavethatmanylogsyet:
    [code:1:2cc40d0fdb]ComboFix 08-01-04.1 - Paul 2008-01-04 17:04:03.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1229 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))
    .

    2008-01-04 17:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-04 16:51 . 2008-01-04 16:51 <DIR> d--hs---- C:\Documents and Settings\Paul\Phone Browser
    2008-01-03 16:19 . 2008-01-04 16:11 <DIR> d-------- C:\Program Files\Norton Security Scan
    2008-01-02 16:39 . 2008-01-02 16:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-02 16:39 . 2008-01-02 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-30 20:34 . 2007-12-30 20:34 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-30 18:44 . 2007-12-30 18:45 <DIR> d-------- C:\Program Files\RegCleaner
    2007-12-30 11:49 . 2007-12-30 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-29 14:35 . 2007-12-29 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-12-29 14:33 . 2007-12-29 14:33 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2007-12-29 14:33 . 2007-12-29 14:33 <DIR> d-------- C:\Program Files\Nokia
    2007-12-29 14:33 . 2007-12-29 14:33 <DIR> d-------- C:\Program Files\DIFX
    2007-12-29 14:33 . 2007-12-29 14:33 <DIR> d-------- C:\Program Files\Common Files\PCSuite
    2007-12-29 14:33 . 2007-12-29 14:33 <DIR> d-------- C:\Program Files\Common Files\Nokia
    2007-12-29 14:33 . 2007-12-29 14:37 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\PC Suite
    2007-12-29 14:33 . 2007-12-29 14:36 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Nokia
    2007-12-29 14:33 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2007-12-29 14:33 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2007-12-29 14:33 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2007-12-29 14:33 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2007-12-29 14:33 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2007-12-29 14:33 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2007-12-29 14:29 . 2007-12-29 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-12-26 12:10 . 2007-12-26 12:10 <DIR> d-------- C:\Program Files\Lavasoft
    2007-12-26 12:10 . 2007-12-26 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-26 12:06 . 2007-12-26 12:06 <DIR> d-------- C:\Program Files\Windows Defender
    2007-12-25 13:13 . 2007-12-25 13:13 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Thinstall
    2007-12-24 12:33 . 2004-08-04 13:00 468,268 -ra------ C:\txtsetup.sif
    2007-12-24 12:33 . 2004-08-04 13:00 261,936 -ra------ C:\$LDR$
    2007-12-16 14:04 . 2007-12-16 14:04 <DIR> d-------- C:\Program Files\GTATools
    2007-12-15 12:13 . 2007-12-15 12:13 287 --a------ C:\WINDOWS\EReg072.dat
    2007-12-13 17:03 . 2007-12-26 12:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-12 20:37 . 2007-03-11 13:04 181,408 -rahs---- C:\grldr
    2007-12-12 20:05 . 2007-12-13 05:15 <DIR> d--hs---- C:\Boot
    2007-12-12 20:05 . 2006-11-02 10:53 438,840 -rahs---- C:\bootmgr
    2007-12-12 20:05 . 2007-12-13 05:15 8,192 -ra-s---- C:\BOOTSECT.BAK
    2007-12-12 20:05 . 2007-12-14 09:21 355 -rahs---- C:\Boot.BAK
    2007-12-12 19:56 . 2007-12-12 19:57 <DIR> d-------- C:\Program Files\PowerISO
    2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-08 18:40 . 2007-12-22 15:57 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Creative
    2007-12-08 17:37 . 2000-05-22 01:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
    2007-12-08 17:37 . 2006-10-05 23:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
    2007-12-08 17:37 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
    2007-12-08 17:36 . 2007-12-08 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2007-12-08 17:35 . 2007-12-08 17:36 <DIR> d--h----- C:\Program Files\Creative Installation Information
    2007-12-08 17:35 . 2007-12-08 17:37 <DIR> d-------- C:\Program Files\Creative
    2007-12-08 17:35 . 2007-12-08 17:35 <DIR> d-------- C:\Program Files\Common Files\Creative
    2007-12-08 17:35 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2007-12-08 17:35 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2007-12-08 10:07 . 2007-12-12 20:06 1,887 --a------ C:\WINDOWS\diagwrn.xml
    2007-12-08 10:07 . 2007-12-12 20:06 1,887 --a------ C:\WINDOWS\diagerr.xml

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-04 16:05 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-04 15:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-04 11:09 --------- d-----w C:\Documents and Settings\Paul\Application Data\LimeWire
    2008-01-02 15:43 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-02 15:39 --------- d-----w C:\Program Files\Windows Live
    2007-12-30 19:47 --------- d-----w C:\Documents and Settings\Paul\Application Data\uTorrent
    2007-12-26 18:11 --------- d-----w C:\Program Files\SpeedFan
    2007-12-22 19:15 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-21 12:20 3,532 ----a-w C:\drmHeader.bin
    2007-12-21 12:04 --------- d-----w C:\Program Files\DivX
    2007-12-12 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-11 19:46 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-12-11 19:46 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-12-11 19:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-12-11 19:46 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-12-11 19:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-12-08 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-06 17:40 --------- d-----w C:\Program Files\Java
    2007-12-01 09:45 --------- d-----w C:\Program Files\Xilisoft
    2007-11-28 14:22 --------- d-----w C:\Program Files\Common Files\Nero
    2007-11-28 14:22 --------- d-----w C:\Documents and Settings\Paul\Application Data\Nero
    2007-11-28 14:21 --------- d-----w C:\Program Files\Nero
    2007-11-28 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-11-27 17:03 --------- d-----w C:\Program Files\CUE Splitter
    2007-11-17 09:35 --------- d-----w C:\Program Files\ASUS
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-06 08:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-24 17:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-09-08 18:33 190024]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 18:25 1211176]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.exe]
    "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
    "36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-16 10:05 1953792]
    "Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 20:29 3165696]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 11:42 48752]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 12:28 85744]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 12:27]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]
    S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 09:35]
    S3 SoC PC-Camera Service;Q-TEC WEBCAM 100 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-02-10 12:40]
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d0d19e2-7c88-11dc-ac28-001bfc016eb1}]
    \Shell\AutoRun\command - L:\LaunchU3.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-04 15:37:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-01-03 15:19:46 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-04 17:07:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-04 17:08:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-04 16:08:43
    .
    2008-01-04 09:45:01 --- E O F ---
    [/code:1:2cc40d0fdb]


    And a hijack once more:
    [code:1:2cc40d0fdb]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:11:44, on 4-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 8034 bytes
    [/code:1:2cc40d0fdb]


    And a bonus: at the moment it looks like Google is working completely again, but of course that can change again.
  • Your log file looks good again 8)

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick "Select All".
    Click the "Empty Selected" button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick from "Firefox saved passwords" again)
    Click the "Empty Selected" button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.
    Go to the "Main" tab and click the "Exit" button to close the program.

    Uninstall Combofix:
    Go to Start -> Run and type: combofix /u
    Combofix will now be removed and a new restore point will be created.

    To prevent a recurrence, read through these security tips once more:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Still having problems?
    Pim
  • Thanks for your replies.

    Everything seems to be going well at the moment.

    If something still turns out not to be right, I'll give a shout again.
