Slow computer, so a HijackThis log

3 answers
  • Good evening, my dear computer experts. My girlfriend's computer is getting slower and slower by the day, and at this point it is almost unusable. Naturally I have used several spyware/virus/malware removers, and also gone through the standard routine of defragmenting and disk checks. Still... I am far from satisfied. So I have made an HJT log for once, and I will post it below. This is the first time I am doing this, so I hope I am doing it right. In any case, I have tried to do it properly by reading the stickies :).

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:54:46, on 25-6-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    c:\windows\system32\smss.exe
    c:\windows\system32\winlogon.exe
    c:\windows\system32\services.exe
    c:\windows\system32\lsass.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\spoolsv.exe
    c:\windows\system32\ctsvccda.exe
    c:\windows\system32\svchost.exe
    c:\program files\spyware doctor\pctsauxs.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\mspmspsv.exe
    c:\program files\msn messenger\usnsvc.exe
    c:\windows\system32\winlogon.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\explorer.exe
    c:\program files\ati technologies\ati control panel\atiptaxx.exe
    c:\program files\cyberlink\powerdvd\pdvdserv.exe
    c:\program files\roxio\easy cd creator 6\audiocentral\rxmon.exe
    c:\program files\java\jre1.6.0_05\bin\jusched.exe
    c:\program files\creative\mediasource\detector\ctdetect.exe
    c:\program files\windows media player\wmpnscfg.exe
    c:\program files\common files\teleca shared\capabilitymanager.exe
    c:\program files\roxio\easy cd creator 6\audiocentral\playlist.exe
    c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    c:\program files\common files\teleca shared\generic.exe
    c:\program files\sony ericsson\mobile2\mobile phone monitor\epmworker.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\trend micro\hijackthis\hijackthis.exe

    r1 - hkcu\software\microsoft\internet explorer\main,search page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.nl/
    r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
    r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
    r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
    r0 - hklm\software\microsoft\internet explorer\main,start page = http://www.microsoft.com/isapi/redir.dll?prd={sub_prd}&clcid={sub_clsid}&pver={sub_pver}&ar=home
    r0 - hklm\software\microsoft\internet explorer\main,local page =
    r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
    o2 - bho: (no name) - software - (no file)
    o2 - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\sdhelper.dll
    o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    o2 - bho: windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    o2 - bho: acroietoolbarhelper class - {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll
    o2 - bho: pdfcreator toolbar helper - {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.0.0.0\pdfcreator_toolbar.dll
    o3 - toolbar: adobe pdf - {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll
    o3 - toolbar: pdfcreator toolbar - {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.0.0.0\pdfcreator_toolbar.dll
    o4 - hklm\..\run: [atipta] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    o4 - hklm\..\run: [remotecontrol] c:\program files\cyberlink\powerdvd\pdvdserv.exe
    o4 - hklm\..\run: [nerofiltercheck] c:\windows\system32\nerocheck.exe
    o4 - hklm\..\run: [roxioengineutility] c:\program files\common files\roxio shared\system\engutil.exe
    o4 - hklm\..\run: [roxiodragtodisc] c:\program files\roxio\easy cd creator 6\dragtodisc\drgtodsc.exe
    o4 - hklm\..\run: [roxioaudiocentral] c:\program files\roxio\easy cd creator 6\audiocentral\rxmon.exe
    o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre1.6.0_05\bin\jusched.exe
    o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
    o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
    o4 - hklm\..\run: [sony ericsson pc suite] c:\program files\sony ericsson\mobile2\application launcher\application launcher.exe /startoptions
    o4 - hklm\..\run: [zonealarm client] c:\program files\zone labs\zonealarm\zlclient.exe
    o4 - hkcu\..\run: [skype] c:\program files\skype\phone\skype.exe /nosplash /minimized
    o4 - hkcu\..\run: [creative detector] c:\program files\creative\mediasource\detector\ctdetect.exe /r
    o4 - hkcu\..\run: [updatemgr] c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe acrds7_0_0
    o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
    o4 - hkus\s-1-5-21-796845957-261903793-839522115-1006\..\run: [msnmsgr] c:\program files\msn messenger\msnmsgr.exe /background (user 'guido')
    o4 - hkus\s-1-5-21-796845957-261903793-839522115-1006\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe (user 'guido')
    o4 - global startup: acrobat assistant.lnk = c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    o4 - global startup: adobe reader speed launch.lnk = c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    o4 - global startup: microsoft office.lnk = c:\program files\microsoft office\office\osa9.exe
    o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
    o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
    o16 - dpf: {003fada5-8fee-11d6-afb7-0004768f6183} (cryptorsa control) - https://www.p3.postbank.nl/sesam/cax.cab
    o16 - dpf: {1239cc52-59ef-4dfa-8c61-90ffa846df7e} - http://www.musicnotes.com/download/mnviewer.cab
    o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - http://go.microsoft.com/fwlink/?linkid=39204
    o16 - dpf: {18226bf8-dc0b-4d81-80e9-a41ae37bb73a} (ewa control) - http://download.pplive.com/synalivesetup(1.7.23)_ie.exe
    o16 - dpf: {2917297f-f02b-4b9d-81df-494b6333150b} (minesweeper flags class) - http://messenger.zone.msn.com/binary/minesweeper.cab31267.cab
    o16 - dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} (jordanuploader class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/msnpupld.cab
    o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - http://v5.windowsupdate.microsoft.com/v5consumer/v5controls/en/x86/client/wuweb_site.cab?1113047929255
    o16 - dpf: {8e0d4de5-3180-4024-a327-4dfad1796a8d} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatsclient.cab31267.cab
    o16 - dpf: {a18962f6-e6ed-40b1-97c9-1fb36f38bfa8} (aurigma image uploader 3.5 control) - http://cache.hyves.nl/statics/aurigma/imageuploader.cab
    o16 - dpf: {d83c1bd1-dcbb-11d4-9425-0050bf33fa6e} (cycloscopelite control) - http://www.cyclomedia.nl/download/components/cycloscopelite.cab
    o16 - dpf: {deb21ad3-fda4-42f6-b57d-ee696a675ee8} (ip-uploader control) - http://asp01.photoprintit.de/microsite/8/defaults/activex/imageuploader3.cab
    o16 - dpf: {e87f6c8e-16c0-11d3-bef7-009027438003} (persits software xupload) - http://www.hema.nl/site/xupload/xupload.ocx
    o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
    o20 - winlogon notify: cbxrhbsq - cbxrhbsq.dll (file missing)
    o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
    o23 - service: ati smart - unknown owner - c:\windows\system32\ati2sgag.exe
    o23 - service: creative service for cdrom access - creative technology ltd - c:\windows\system32\ctsvccda.exe
    o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
    o23 - service: pc tools auxiliary service (sdauxservice) - pc tools - c:\program files\spyware doctor\pctsauxs.exe
    o23 - service: pc tools security service (sdcoreservice) - pc tools - c:\program files\spyware doctor\pctssvc.exe
    o23 - service: truevector internet monitor (vsmon) - zone labs, llc - c:\windows\system32\zonelabs\vsmon.exe

    -- end of file - 8868 bytes

    Does anyone see anything strange?
  • Download Malwarebytes' Anti-Malware via here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html). Double-click mbam-setup.exe to install the program.

    - Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "finish".
    - If an update is found, it will download it and install the latest version.
    - Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    - Scanning can take a while, so be patient.
    - When the scan is complete, click OK, then "Show Results" to view the results.
    - Make sure everything is checked there, then click: Remove Selected.
    - After removal, a log will open and you will be asked to restart the computer. (See the extra note below)
    - The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    - Copy and paste the results of the log into your next reply, together with a new HijackThis log.

    Extra note: If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

    Restart the computer and also post a new HJT log. Could you please just post it in black and white; I find that easier to read.
  • After your advice it looks as follows:

    Malwarebytes' Anti-Malware 1.18
    Database version: 895

    14:48:08 27-6-2008
    mbam-log-6-27-2008 (14-48-08).txt

    Scan type: Quick Scan
    Objects scanned: 43441
    Time elapsed: 9 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:54:52, on 27-6-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1043
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://download.pplive.com/synalivesetup(1.7.23)_ie.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113047929255
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -- End of file - 7817 bytes

    I must say that after your advice (and some other advice) things are already going much, much better. If you still see anything in there, I would of course like to hear it :). In any case, many thanks for your help!

This is an archived page. Replies are no longer possible.