Vraag & Antwoord

Beveiliging & privacy

valse spyware-waarschuwing

4 antwoorden
  • mijn bureaublad is blauw geworden met de opschrift "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer" kan iemand mij helpen? dit is mijn logfile door hijackthis Logfile of HijackThis v1.99.1 Scan saved at 22:49:05, on 14-08-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\AntispamService.exe C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\rhceaej0eccp\rhceaej0eccp.exe C:\Program Files\SurfRight\Caretaker\Notifier.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\ScanPanel\ScnPanel.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\marcel\Bureaublad\hijackthis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {A6B9D2F5-A6A6-45C0-2730-197B0AB8F72F} - MONITER.dll (file missing) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: LostGoggles plug-in (web site preview snapshots - www.lostgoggles.com) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Program Files\LostGoggles\LGoggles.dll O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WTFCTF] clamav.exe O4 - HKLM\..\Run: [qwe] Shaitan1678.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [tmt] "C:\Program Files\TimeSlot\tmt.exe" O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [lphcaaej0eccp] C:\WINDOWS\system32\lphcaaej0eccp.exe O4 - HKLM\..\Run: [SMrhceaej0eccp] C:\Program Files\rhceaej0eccp\rhceaej0eccp.exe O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [ATLIEHELPER] Bogobot.exe O4 - HKCU\..\Run: [UserSp1] TRPT.exe O4 - HKCU\..\Run: [clamav] runload32.exe O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe" O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [A00F8A09E.exe] C:\DOCUME~1\marcel\LOCALS~1\Temp\_A00F8A09E.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O15 - Trusted Zone: *.musicmatch.com O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106838455765 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (OD2 Music Manager) - http://img.od2.com/Installation/PluginName/MusicManager/MusicManagerPlugin.CAB O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{06D37D30-600E-46D2-964D-8DD3FDC8A88D}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{50855CBF-BC48-45DA-9FA1-59A37D7A149D}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{70E5CA97-213C-41BB-B7BB-6935D33D0BFC}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{BA0AAC86-B4BA-4B08-89B2-3A0531157128}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{F8434BC4-66DC-4C49-A981-0B22EF6854DF}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.114 85.255.112.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{06D37D30-600E-46D2-964D-8DD3FDC8A88D}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.114 85.255.112.8 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O20 - Winlogon Notify: __c006B03D - C:\WINDOWS\system32\__c006B03D.dat (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Hier is wel wat werk aan de winkel :D Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd: [b:b0948e1b77]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: (no name) - {A6B9D2F5-A6A6-45C0-2730-197B0AB8F72F} - MONITER.dll (file missing) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll O4 - HKLM\..\Run: [WTFCTF] clamav.exe O4 - HKLM\..\Run: [qwe] Shaitan1678.exe O4 - HKLM\..\Run: [lphcaaej0eccp] C:\WINDOWS\system32\lphcaaej0eccp.exe O4 - HKLM\..\Run: [SMrhceaej0eccp] C:\Program Files\rhceaej0eccp\rhceaej0eccp.exe O4 - HKCU\..\Run: [ATLIEHELPER] Bogobot.exe O4 - HKCU\..\Run: [UserSp1] TRPT.exe O4 - HKCU\..\Run: [clamav] runload32.exe O4 - HKCU\..\Run: [A00F8A09E.exe] C:\DOCUME~1\marcel\LOCALS~1\Temp\_A00F8A09E.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{06D37D30-600E-46D2-964D-8DD3FDC8A88D}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{50855CBF-BC48-45DA-9FA1-59A37D7A149D}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{70E5CA97-213C-41BB-B7BB-6935D33D0BFC}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{BA0AAC86-B4BA-4B08-89B2-3A0531157128}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{F8434BC4-66DC-4C49-A981-0B22EF6854DF}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.114 85.255.112.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{06D37D30-600E-46D2-964D-8DD3FDC8A88D}: NameServer = 85.255.113.114,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.114 85.255.112.8 O20 - Winlogon Notify: __c006B03D - C:\WINDOWS\system32\__c006B03D.dat (file missing)[/b:b0948e1b77] Klik op 'Fix checked' om de items te verwijderen. Verwijder volgende vetgedrukte mappen of bestanden via Windows Verkenner : C:\Program Files\[b:b0948e1b77]rhceaej0eccp[/b:b0948e1b77] C:\Program Files\Macrogaming\[b:b0948e1b77]SweetIMBarForIE[/b:b0948e1b77] C:\Program Files\[b:b0948e1b77]BearShare Applications[/b:b0948e1b77] C:\WINDOWS\system32\[b:b0948e1b77]lphcaaej0eccp.exe[/b:b0948e1b77] Download [b:b0948e1b77]MBAM (Malwarebytes' Anti-Malware)[/b:b0948e1b77] hier : http://www.besttechie.net/tools/mbam-setup.exe Dubbelklik op mbam-setup.exe om het programma te installeren. Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien". Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden. Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan. Het scannen kan een tijdje duren, dus wees geduldig. Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien. Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde. Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder) De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM. Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart. Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.
  • bedankt voor je zeer snelle reaktie, kape ! alles uitgevoerd zoals je hebt opgegeven m.u.v. het verwijderen van C:\Program Files\rhceaej0eccp enkele bestanenden konden niet verwijderd worden (in gebruik) maar wel verwijderd door MBAM C:\WINDOWS\system32\lphcaaej0eccp.exe niet kunnen vinden opnieuwd opgestart: bureaublad weer normaal en weer normaal in te stellen. waarschuwingen van antivirus xp 2008 verschijnen niet meer. Malwarebytes' Anti-Malware 1.24 Database versie: 1054 Windows 5.1.2600 Service Pack 2 13:26:20 15-08-2008 mbam-log-8-15-2008 (13-26-20).txt Scan type: Snelle Scan Objecten gescand: 136471 Verstreken tijd: 57 minute(s), 3 second(s) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 3 Registersleutels geïnfecteerd: 6 Registerwaarden geïnfecteerd: 4 Registerdata bestanden geïnfecteerd: 18 Mappen geïnfecteerd: 24 Bestanden geïnfecteerd: 25 Geheugenprocessen geïnfecteerd: C:\Program Files\rhceaej0eccp\rhceaej0eccp.exe (Rogue.Multiple) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: C:\Program Files\rhceaej0eccp\msvcr71.dll (Rogue.Multiple) -> Delete on reboot. C:\Program Files\rhceaej0eccp\MFC71.dll (Rogue.Multiple) -> Delete on reboot. C:\Program Files\rhceaej0eccp\msvcp71.dll (Rogue.Multiple) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhceaej0eccp (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\rhceaej0eccp (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f880cca2-3024-40aa-a8b9-a52705c1cb81}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70e5ca97-213c-41bb-b7bb-6935d33d0bfc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{70e5ca97-213c-41bb-b7bb-6935d33d0bfc}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{06d37d30-600e-46d2-964d-8dd3fdc8a88d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{70e5ca97-213c-41bb-b7bb-6935d33d0bfc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06d37d30-600e-46d2-964d-8dd3fdc8a88d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f880cca2-3024-40aa-a8b9-a52705c1cb81}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.114 85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{06d37d30-600e-46d2-964d-8dd3fdc8a88d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f880cca2-3024-40aa-a8b9-a52705c1cb81}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{50855cbf-bc48-45da-9fa1-59a37d7a149d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{70e5ca97-213c-41bb-b7bb-6935d33d0bfc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8434bc4-66dc-4c49-a981-0b22ef6854df}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{06d37d30-600e-46d2-964d-8dd3fdc8a88d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ba0aac86-b4ba-4b08-89b2-3a0531157128}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.114,85.255.112.8 -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\rhceaej0eccp\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\john.TITANIUM-MD8386\Application Data\rhceaej0eccp (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhceaej0eccp (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Documents and Settings\marcel\Local Settings\Temp\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully. C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Bureaublad\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\rhceaej0eccp\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhceaej0eccp\rhceaej0eccp.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhceaej0eccp\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhceaej0eccp\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\pamela\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\marcel\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\blphcaaej0eccp.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\phcaaej0eccp.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. Logfile of HijackThis v1.99.1 Scan saved at 14:04:39, on 15-08-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\AntispamService.exe C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\SurfRight\Caretaker\Notifier.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\ScanPanel\ScnPanel.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Xfire\xfire.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\marcel\Bureaublad\hijackthis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: LostGoggles plug-in (web site preview snapshots - www.lostgoggles.com) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Program Files\LostGoggles\LGoggles.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [tmt] "C:\Program Files\TimeSlot\tmt.exe" O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe" O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O15 - Trusted Zone: *.musicmatch.com O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106838455765 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (OD2 Music Manager) - http://img.od2.com/Installation/PluginName/MusicManager/MusicManagerPlugin.CAB O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Logjes zien er goed uit ... en vermits je problemen opgelost zijn, blijft er alleen nog wat opruimwerk over. Download CCleaner hier : http://www.majorgeeks.com/download4191.html Let tijdens de installatie van CCleaner op dat je het vinkje weghaalt bij de Yahoo Toolbar. Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af. Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen. That’s it !

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.