Question & Answer

Security & privacy

HijackThis log in connection with computer problems

16 replies
  • Following this topic, here is a HijackThis logfile: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=198686

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:22, on 16-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\Pixart\Pac7311\Monitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Users\Rutger\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Users\Rutger\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mar-px-01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
    O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GSV - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\GSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JGPPLMRDFTO - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 9440 bytes

    I don't know how to read this. Anyway, I didn't have IE running and had also disabled IE user, but it still appears to be running? The gratis toolbar that is in there I removed via Control Panel -> Programs and Features, but it stays active; I can't delete it either. (The problem already existed before that toolbar was installed.) Ad-Aware does keep finding something, but as soon as I want to remove it the program freezes, although it says it has removed it, so I find that rather odd.
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
    O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
    O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Open a Notepad file. Copy the text below (everything in bold) into this Notepad file.

    [b]
    @echo off
    ECHO.
    REM Every result line is appended to log.txt next to this script
    ECHO Deleting folders>>log.txt
    FOR %%I in (
    "C:\Program Files\IEToolbar\"
    ) DO (
    IF EXIST %%I (
    REM Remove the folder tree quietly, then check whether it is really gone
    RD /S /Q %%I
    IF EXIST %%I (
    ECHO %%I not deleted>>log.txt
    ) ELSE (
    ECHO %%I deleted>>log.txt)
    ) ELSE (
    ECHO %%I not found>>log.txt))
    START NOTEPAD.EXE log.txt
    [/b]

    Go to File - Save As. Under "Save in" choose: Desktop. Under "File name" enter: del.bat. Under "Save as type" select: All files (*.*). Click the Save button. Double-click del.bat and post the contents of the log file that opens.

    Your Java software is out of date. Older versions have holes that give malware the chance to install itself on your system. First do these steps to uninstall Java and install the newer version:
    [list]
    [*] Download [url=http://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=nl&host=java.com:80]Java Runtime Environment (JRE) 6u12[/url] and save it to your Desktop.
    [*] Close all programs that may be open - especially your web browser!
    [*] Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
    [*] Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    [*] Then click Remove or the Change/Remove button.
    [*] Repeat this until all older versions are gone.
    [*] After removing all older versions, restart your PC.
    [*] Then double-click jre-6u12-windows-i586-p-s.exe on your Desktop to install the newest version of Java.
    [/list]

    Download [url=http://www.besttechie.net/tools/mbam-setup.exe]MalwareBytes' Anti-Malware[/url] and save it to your desktop. Double-click mbam-setup.exe to install the program.
    Make sure that after installation a tick is placed next to:
    [list]
    [*] Update MalwareBytes' Anti-Malware
    [*] Start MalwareBytes' Anti-Malware
    [/list]
    Then click "Finish". If an update is found, it will be downloaded and installed.
    [list]
    [*] Once the program has started, go to the "Settings" tab.
    [*] Tick here: "Close Internet Explorer during malware removal".
    [*] Then go to the "Scanner" tab and choose "Quick Scan".
    [*] Then press "Scan" to start the scan.
    [*] Scanning can take a while, so be patient.
    [*] When the scan is complete, click OK, then "Show Results" to see the results.
    [*] Make sure everything there is ticked, then click "Remove Selected".
    [*] After removal a log will open and you will be asked to restart the computer.
    [/list]
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program. Post this log together with a new HijackThis log.
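The selection above is made by hand: the helper picks entries whose target is "(no file)" or "(file missing)", the BHO/toolbar/button entries that all load one bundled toolbar DLL, and leaves the rest alone. As an added example, not part of the thread and not code from HijackThis or any tool named in it, the Python below parses the HijackThis v2 line shapes seen in these logs and applies those same triage heuristics, plus one more a reviewer usually applies to the O23/O4 section: a service or autorun whose binary lives in a Temp folder. The bundled-toolbar directory it looks for is the thread's own IEToolbar path; the Temp-folder and orphan rules are general. Flags mark entries worth a second look, not a verdict.

```python
"""
Added example (not from the thread, not part of HijackThis): a small triage
pass over HijackThis v2 log lines.

Heuristics (each flag means "look at this", not "this is malware"):
  orphan           the entry points at "(no file)" / "(file missing)"
  bundled-toolbar  an IE BHO/toolbar/button whose DLL lives under a known
                   toolbar-bundle directory (here the thread's IEToolbar dir)
  temp-dir-binary  a service or autorun whose binary lives in a Temp folder
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ORPHAN_MARKERS = ("(no file)", "(file missing)")
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# First Windows path on the line that ends in .exe/.dll; quotes are optional.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll))"?', re.IGNORECASE)
# Item lines look like "O23 - Service: ..."; process/header lines do not match.
LINE_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")

# Constructed sample: a subset of lines in the same shape as the thread's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GSV - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\GSV.exe
"""


@dataclass
class Entry:
    kind: str                # "R3", "O2", "O23", ...
    body: str                # text after the "O2 - " prefix
    path: Optional[str]      # binary the entry points at, if one is named
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis item line, or None for headers/processes."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    pm = PATH_RE.search(body)
    return Entry(m.group("kind"), body, pm.group(1) if pm else None)


def triage(entry: Entry, toolbar_dirs=("\\IEToolbar\\",)) -> Entry:
    """Attach triage flags to one entry; a pure function of the line's text."""
    flags = []
    if any(marker in entry.body for marker in ORPHAN_MARKERS):
        flags.append("orphan")
    if entry.path:
        lower = entry.path.lower()
        if entry.kind in ("O2", "O3", "O9") and any(d.lower() in lower for d in toolbar_dirs):
            flags.append("bundled-toolbar")
        if entry.kind in ("O4", "O23") and TEMP_DIR_RE.search(entry.path):
            flags.append("temp-dir-binary")
    entry.flags = flags
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every item line in a log and triage it, in log order."""
    return [triage(e) for e in (parse_line(l) for l in text.splitlines()) if e]


def flagged(text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_log(text) if e.flags]


def report(text: str) -> str:
    """One line per flagged entry, in the same form as the thread's 'select these' lists."""
    return "\n".join(f"{','.join(e.flags):>16}  {e.kind} - {e.body}" for e in flagged(text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run on the sample it reports four lines: the R3 hook and the AVG BHO as orphans, the Gratis Producten toolbar as bundled-toolbar, and the GSV service as temp-dir-binary; the Java BHO, ZoneAlarm autorun and TOSHIBA service pass clean. Feed a whole pasted log to `report()` and the process list and headers are skipped by `LINE_RE`, so only item lines reach the heuristics.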
  • [quote="Othuroyo"]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    [b]R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =[/b]
    [b]R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)[/b]
    [b]O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll[/b]
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    [b]O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll[/b]
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
    [b]O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll[/b]
    [b]O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll[/b]
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    [/quote]

    Something goes wrong. When I tick these I get 3 messages. The gratis toolbar items are suddenly gone, probably because after the reboot that uninstall did succeed completely.

    Everything I have made bold is gone; the rest I can't get rid of, with the following messages:
    [img]http://pobresh.com/foutmelding1.jpg[/img]
    [img]http://pobresh.com/foutmelding2.jpg[/img]

    Whether I click yes or no, on both or alternately, I still get this screen:
    [img]http://pobresh.com/melding3.jpg[/img]

    Internet Explorer starts if I click yes on the first 2, but I close it via Task Manager, including ieuser.exe. So IE is not running. After the last message HijackThis goes back to the start and I can have it scan again, but whatever I try, those few remain.

    [quote]
    Your Java software is out of date. Older versions have holes that give malware the chance to install itself on your system. First do these steps to uninstall Java and install the newer version:
    [list]
    [*] Download [url=http://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=nl&host=java.com:80]Java Runtime Environment (JRE) 6u12[/url] and save it to your Desktop.
    [*] Close all programs that may be open - especially your web browser!
    [*] Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
    [*] Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    [*] Then click Remove or the Change/Remove button.
    [*] Repeat this until all older versions are gone.
    [*] After removing all older versions, restart your PC.
    [*] Then double-click jre-6u12-windows-i586-p-s.exe on your Desktop to install the newest version of Java.
    [/list]
    [/quote]

    Under Add or Remove Programs there was only the runtime, which I removed. So I have already done the installation.

    Anti-Malware log:

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1857
    Windows 6.0.6001 Service Pack 1

    17-3-2009 9:34:59
    mbam-log-2009-03-17 (09-34-59).txt

    Scan type: Snelle Scan
    Objecten gescand: 59416
    Verstreken tijd: 3 minute(s), 0 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    HijackThis log 2:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:22, on 16-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\Pixart\Pac7311\Monitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Users\Rutger\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Users\Rutger\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mar-px-01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
    O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GSV - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\GSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JGPPLMRDFTO - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 9440 bytes

    (Yes, IE was still running.) I also see that the gratis toolbar suddenly works again... a bit odd.
  • Start HijackThis via the right mouse button and "Run as Administrator" and choose 'Do a system scan only'. Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
    O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Then carry out the second step from my previous post, which you had skipped.
  • Log from del.dat:
    Deleting folders "C:\Program Files\IEToolbar\" not deleted
    HijackThis log after that step:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:54:58, on 17-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\Pixart\Pac7311\Monitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mar-px-01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GSV - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\GSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JGPPLMRDFTO - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 7637 bytes

    No Gratis toolbar again; does it come and go? By the way, just now I had another internet outage; in any case I then can't shut the laptop down any more either. Holding the power button for a very long time (20 seconds or longer) and pulling the battery is the only method.
  • Maybe it would help to be a bit more patient.
    Download [url=http://users.skynet.be/gv_soft/Programmas/GV_Killer.exe]GV Killer.exe[/url]. Put it in its own folder, for example in the folder C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe to your desktop. Start GV Killer and use Copy and Paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.
    [b]C:\Program Files\IEToolbar\ [/b]
    Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to start the program. Post the contents of the file C:\GV Killer.txt in your next message.
    Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b][color=blue]Combofix[/color][/b][/url] to your Desktop and use it according to [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden]this guide[/url].
    [i][color=Red]NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and [b]download Combofix again[/b]. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them![/color][/i]
    [list]
    [*]Double-click [b]Combofix.exe[/b] to start it.
    [*][i]If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.[/i]
    [*]Click [b]OK[/b] in the "NirCmd" window.
    [*]Afterwards click [b]Yes[/b] again to start scanning for malware.
    [*]While the fix is running, do [b]NOT[/b] click in the window, as this will make your PC hang.
    [*]When the fix is complete and after a restart, the log [b]Combofix.txt[/b] will open.
    [/list]
    Post this log in your next reply.
  • Contents of gvkiller.txt:
    [b]
    Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 2009-03-18 08:19:12
    log van Rutger , Beheerder van deze computer
    Platform: Windows Vista SP1 NLD
    Normale modus

    BEGIN Geplande taken-----------------------------------------------------------------
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\SCHEDLGU.TXT
    EINDE Geplande taken-----------------------------------------------------------------

    Lijst Notify keys--------------------------------------------------------------------
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    igfxcui igfxdev.dll
    Einde Notify keys--------------------------------------------------------------------

    Verklaring Errorcodes----------------------------------------------------------------
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes---------------------------------------------------------------------

    BEGIN Inhoud van Input.txt-----------------------------------------------------------
    EINDE Inhoud van Input.txt-----------------------------------------------------------
    EINDE Inhoud van Input.txt-----------------------------------------------------------
    ;1289578-OEM-7332157-00237=1A2B3C4D19

    Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 2009-03-18 08:19:55
    log van Rutger , Beheerder van deze computer
    Platform: Windows Vista SP1 NLD
    Normale modus

    BEGIN Geplande taken-----------------------------------------------------------------
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\SCHEDLGU.TXT
    EINDE Geplande taken-----------------------------------------------------------------

    Lijst Notify keys--------------------------------------------------------------------
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    igfxcui igfxdev.dll
    Einde Notify keys--------------------------------------------------------------------

    Verklaring Errorcodes----------------------------------------------------------------
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes---------------------------------------------------------------------

    BEGIN Inhoud van Input.txt-----------------------------------------------------------
    C:\Program Files\IEToolbar\
    EINDE Inhoud van Input.txt-----------------------------------------------------------
    53 C:\Program Files\IEToolbar\
    EINDE Inhoud van Input.txt-----------------------------------------------------------
    ;5589578-OEM-7332157-00237=77PQF8E7S19
    ;EINDE GV_Killer ---------------------------------------------------------------------
    [/b]

    Contents of combofix.txt:
    [i]
    ComboFix 09-03-15.01 - Rutger 2009-03-17 17:01:47.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2039.1231 [GMT 1:00]
    Gestart vanuit: C:\Users\Rutger\Documents\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled*
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\IEToolbar
    C:\Windows\system32\x64

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-17 to 2009-03-17 ))))))))))))))))))))))))))))))
    .

    2009-03-17 16:36 . 2009-03-17 16:39 <DIR> d-------- C:\Program Files\GV_Killer
    2009-03-17 16:36 . 2004-03-08 23:00 152,848 --a------ C:\Windows\System32\COMDLG32.OCX
    2009-03-17 16:36 . 2001-09-07 11:00 59,904 --a------ C:\Windows\System32\wbemdisp.tlb
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d-------- C:\Users\Rutger\AppData\Roaming\Malwarebytes
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d-------- C:\ProgramData\Malwarebytes
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-17 09:30 . 2009-02-11 10:19 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2009-03-17 09:30 . 2009-02-11 10:19 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
    2009-03-17 09:02 . 2009-03-17 09:02 410,984 --a------ C:\Windows\System32\deploytk.dll
    2009-03-16 16:01 . 2009-03-16 16:01 <DIR> d-------- C:\Program Files\Trend Micro
    2009-03-16 09:38 . 2008-04-17 12:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
    2009-03-16 09:38 . 2009-01-15 12:19 23,848 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d-------- C:\Users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d-------- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d-------- C:\Program Files\iTunes
    2009-03-16 09:37 . 2009-03-16 09:37 <DIR> d-------- C:\Program Files\iPod
    2009-03-16 09:35 . 2009-03-16 09:36 <DIR> d-------- C:\Program Files\QuickTime
    2009-03-16 09:31 . 2009-03-16 09:31 <DIR> d-------- C:\Program Files\Bonjour
    2009-03-11 11:20 . 2009-02-09 04:10 2,033,152 --a------ C:\Windows\System32\win32k.sys
    2009-03-11 11:20 . 2008-11-27 05:43 268,288 --a------ C:\Windows\System32\schannel.dll
    2009-03-10 15:35 . 2009-03-03 16:51 15,688 --a------ C:\Windows\System32\lsdelete.exe
    2009-03-09 18:17 . 2009-03-09 18:17 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2009-03-09 18:16 . 2008-12-16 04:29 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2009-03-09 18:16 . 2008-12-16 06:31 7,680 --a------ C:\Windows\System32\spwmp.dll
    2009-03-09 18:16 . 2008-12-16 06:31 4,096 --a------ C:\Windows\System32\msdxm.ocx
    2009-03-09 18:16 . 2008-12-16 06:31 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2009-03-03 16:51 . 2009-03-03 16:51 64,160 --a------ C:\Windows\System32\drivers\Lbd.sys
    2009-03-03 16:43 . 2009-03-03 16:51 <DIR> d-------- C:\Users\All Users\Lavasoft
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d--h-c--- C:\Users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-03 16:43 . 2009-03-03 16:51 <DIR> d-------- C:\ProgramData\Lavasoft
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d--h-c--- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d-------- C:\Program Files\Lavasoft
    2009-03-03 16:33 . 2009-03-03 16:34 <DIR> d-------- C:\websymbols
    2009-02-25 11:42 . 2009-03-03 16:37 <DIR> d-------- C:\Program Files\Debugging Tools for Windows (x86)
    2009-02-25 09:40 . 2009-03-05 14:51 250 --a------ C:\Windows\gmer.ini
    2009-02-25 09:36 . 2009-02-25 09:36 <DIR> d-------- C:\Users\Rutger\Pavark
    2009-02-17 11:39 . 2009-02-17 11:39 <DIR> d-------- C:\Program Files\Microsoft

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-17 15:49 348,371 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2009-03-17 08:02 --------- d-----w C:\Program Files\Java
    2009-03-16 08:37 --------- d-----w C:\Program Files\Common Files\Apple
    2009-03-11 16:01 --------- d-----w C:\Program Files\Windows Mail
    2009-03-10 14:31 --------- d-----w C:\Program Files\TOSHIBA
    2009-03-10 14:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2009-03-05 13:32 --------- d-----w C:\ProgramData\Symantec
    2009-03-05 13:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2009-03-05 13:28 --------- d-----w C:\Program Files\Symantec
    2009-03-04 13:01 390,576 ----a-w C:\Users\Rutger\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2009-03-02 08:05 --------- d-----w C:\Program Files\TeamViewer3
    2009-02-19 13:33 4,963,310 ----a-w C:\Windows\Internet Logs\tvDebug.Zip
    2009-02-14 18:42 --------- d-----w C:\Program Files\URS Mondial Top Scan (Fa.Köhrmann)
    2009-01-18 00:42 --------- d-----w C:\Program Files\Google
    2009-01-15 06:11 827,392 ----a-w C:\Windows\System32\wininet.dll
    2008-11-20 20:59 10,433 ----a-w C:\Program Files\uninstal.log
    2008-10-13 10:34 174 --sha-w C:\Program Files\desktop.ini
    2002-12-11 13:17 13,366,265 --s-a-w C:\Program Files\Encore Manual.pdf

    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 22:33 1233920]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 09:32 435768]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-11-02 23:02 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 21:39 39408]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 22:33 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 15:19 861744]
    "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 11:48 577536]
    "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 12:05 571024]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 19:13 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 19:13 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 19:13 133656]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
    "Monitor"="C:\Windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 10:01 319488]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 15:18 981904]
    "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-03 16:51 515416]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 16:18 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-03-12 20:56 342312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-17 09:02 148888]
    "NDSTray.exe"="NDSTray.exe" [BU]

    C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AFDC7AA0-A841-4A91-8DD4-1D3D0F164959}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2FBAEAC6-8EFB-4419-B936-76F7AB8D6E2E}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{6C7EE3C8-AC09-463B-BA1D-BC365C92EE76}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{71E976D4-F7C6-47A6-8ACD-0FA9FC689507}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{D423C966-8221-40B1-AF31-098F0289DE89}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "TCP Query User{7762D7F2-0351-4F3E-A335-E79BE537B6C5}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
    "UDP Query User{0EB6F53B-7C87-4777-AC24-A71F436E70A5}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
    "TCP Query User{5D9699D5-A8B9-47B2-BD00-E35F0AA2F71F}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
    "UDP Query User{9044B3D2-60FA-4ED8-AA02-B51BBAF4C500}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
    "{40FC9F88-2855-4EBA-A440-2874C918867D}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{5FE87909-AE92-4A80-B204-47D3A320F19E}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{BFD1F2F8-AE16-4206-9D13-299E93842459}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{A2C821FE-B88F-448B-BF3D-D4B3D140A27D}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{4D2EC621-34AC-4A1E-B6F0-25DCEAED658B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{FE454C3B-FF99-4EF3-AC32-589BD9AA3A77}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{931C85DF-8B63-4387-9FA5-51A673A199C8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B3E58F21-AB21-43EF-BC8C-A436A3B8C44E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{BE89A468-A44C-4B3D-B0A3-F50B381EA6E1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{C283F33D-0A5D-4392-8666-50F242D08EFB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2009-03-03 16:51:21 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 22:34:37 951632]
    R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 09:50:00 181544]
    S3 GSV;GSV;C:\Users\Rutger\AppData\Local\Temp\GSV.exe --> C:\Users\Rutger\AppData\Local\Temp\GSV.exe [?]
    S3 JGPPLMRDFTO;JGPPLMRDFTO;C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe --> C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe [?]
    S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28u.sys [2007-12-14 17:16:34 570880]
    S3 PAC7311;VGA USB Camera;C:\Windows\System32\drivers\PA707UCM.SYS [2008-10-20 20:50:46 530304]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e3eb8bd-9f40-11dd-8f0a-001a92fbe007}]
    \shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-17 C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-03 16:51]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{7F344356-6DF6-49DA-9A83-101ACBF6589B} - (no file)

    .
    ------- Bijkomende Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = mar-px-01:8080
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    .
    [/i]
  • Are there still any problems?
  • [quote="Othuroyo"]Are there still any problems?[/quote]
    I'll wait and see for a bit; it used to happen at random times, so I don't know what it's going to do now.
    edit: in the meantime I've had another internet crash, so distorted photos first and then no more sites; MSN keeps running. In any case, logging in to Windows doesn't go so smoothly: sometimes no trouble at all, and sometimes it takes quite a while before it sees it. I can keep pressing Enter, but it always takes a while before it accepts it.
    I'd actually like to put my virus scanner back on, but is it wise to put it on, since it also caused BSODs before when it was still working? It's Symantec Antivirus 10.2.0.224, and the message in the Windows event logs just before the BSOD, which thus came from the scanner: Auto-Protect Error: Auto-Protect is unable to block security risks.
  • Another virus scanner could be an option. Those internet crashes don't necessarily have to be the result of malware.
    Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF cleaner[/url] [url=http://www.majorgeeks.com/ATF_Cleaner_d4949.html](mirror)[/url] (made by Atribune)
    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.
    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.
    Do the following if you also have Firefox as a browser: click the Firefox tab and tick Select All. If you want to keep the passwords saved by Firefox, click No in the window that appears (this removes the tick from Firefox saved passwords). Click the Empty Selected button.
    Do the following if you also have Opera as a browser: click the Opera tab and tick Select All. If you want to keep the passwords saved by Opera, click No in the window that appears. Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.
    You may now remove all the tools used and the folders they created. (Remember to remove Combofix via Start -> Run, typing [b]ComboFix /U[/b] and pressing Enter!!)
    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks if you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go back to Start/All Programs/Accessories/System Tools/System Restore.
    - You get the message: "System Restore has been turned off. Do you want to turn System Restore on now?"
    - Click "Yes".
    - Remove the tick in front of "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.
  • Did the above, then put AVG Free on, let it scan, and let Ad-Aware scan (it found 1 thing, removed right away). Small problem with AVG Free: somehow it turns off its own Resident Shield. I can disable it manually and then turn it back on, but after a short while, or for example when opening IE, it turns itself off. It shows as active, but the overview screen says it isn't active. What can I do about this? I haven't had any further problems at the moment.
  • Hmm, I think this is really an AVG-specific problem. Maybe you can find something on their site?
  • [quote="Othuroyo"]Hmm, I think this is really an AVG-specific problem. Maybe you can find something on their site?[/quote]
    After a reboot the error was gone. But what I did notice is that with Symantec the Auto-Protect caused the BSOD, and AVG's Resident Shield is the same thing as Auto-Protect, so that seems similar to me? I also now have the problem that, for example on the C!T forum, I constantly get warnings from AVG about tracking cookies, and when I want to heal them it says the file no longer exists; cookies like the DoubleClick tracker and the like.
  • Post a new HijackThis log together with a ComboFix log.
  • [i][b]HijackThis log:[/b][/i]
    Scan saved at 09:41:09, on 2009-03-19
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\Pixart\Pac7311\Monitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mar-px-01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GSV - Unknown owner - C:\Users\Rutger\AppData\Local\Temp\GSV.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JGPPLMRDFTO - Unknown owner - C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 7537 bytes

    [b]Then ran ComboFix, with this log:[/b]
    ComboFix 09-03-15.01 - Rutger 2009-03-19 9:48:27.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2039.1243 [GMT 1:00]
    Gestart vanuit: c:\users\Rutger\Documents\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled*
    * Resident AV is active
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Voorgaande Run -------
.
c:\program files\IEToolbar
c:\windows\system32\x64
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-19 to 2009-03-19 ))))))))))))))))))))))))))))))
.
2009-03-18 20:52 . 2009-03-18 20:54 <DIR> d-------- c:\windows\System32\SmitfraudFix
2009-03-18 17:25 . 2009-03-19 08:07 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-03-18 17:25 . 2009-03-18 17:25 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-03-18 17:25 . 2009-03-18 17:25 107,912 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-03-18 17:25 . 2009-03-18 17:25 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-03-17 16:36 . 2009-03-18 16:46 <DIR> d-------- c:\program files\GV_Killer
2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d-------- c:\users\Rutger\AppData\Roaming\Malwarebytes
2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-17 09:02 . 2009-03-17 09:02 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-16 16:01 . 2009-03-16 16:01 <DIR> d-------- c:\program files\Trend Micro
2009-03-16 09:38 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-16 09:38 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d-------- c:\program files\iTunes
2009-03-16 09:37 . 2009-03-16 09:37 <DIR> d-------- c:\program files\iPod
2009-03-16 09:35 . 2009-03-16 09:36 <DIR> d-------- c:\program files\QuickTime
2009-03-16 09:31 . 2009-03-16 09:31 <DIR> d-------- c:\program files\Bonjour
2009-03-11 11:20 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 11:20 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 15:35 . 2009-03-03 16:51 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-03-09 18:17 . 2009-03-09 18:17 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-09 18:16 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-09 18:16 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-09 18:16 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-09 18:16 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-03 16:51 . 2009-03-03 16:51 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-03-03 16:43 . 2009-03-03 16:51 <DIR> d-------- c:\users\All Users\Lavasoft
2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-03 16:43 . 2009-03-03 16:51 <DIR> d-------- c:\programdata\Lavasoft
2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d-------- c:\program files\Lavasoft
2009-03-03 16:33 . 2009-03-03 16:34 <DIR> d-------- C:\websymbols
2009-02-25 11:42 . 2009-03-03 16:37 <DIR> d-------- c:\program files\Debugging Tools for Windows (x86)
2009-02-25 09:40 . 2009-03-05 14:51 250 --a------ c:\windows\gmer.ini
2009-02-25 09:36 . 2009-02-25 09:36 <DIR> d-------- c:\users\Rutger\Pavark
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 08:32 348,371 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-03-18 16:25 --------- d-----w c:\programdata\Avg8
2009-03-18 10:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 10:12 --------- d-----w c:\program files\TOSHIBA
2009-03-18 10:12 --------- d-----w c:\program files\eWs
2009-03-18 10:11 --------- d-----w c:\programdata\Ulead Systems
2009-03-18 10:11 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-03-17 08:02 --------- d-----w c:\program files\Java
2009-03-16 08:37 --------- d-----w c:\program files\Common Files\Apple
2009-03-11 16:01 --------- d-----w c:\program files\Windows Mail
2009-03-05 13:32 --------- d-----w c:\programdata\Symantec
2009-03-05 13:32 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-05 13:28 --------- d-----w c:\program files\Symantec
2009-03-04 13:01 390,576 ----a-w c:\users\Rutger\AppData\Roaming\GDIPFONTCACHEV1.DAT
2009-03-02 08:05 --------- d-----w c:\program files\TeamViewer3
2009-02-19 13:33 4,963,310 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-02-17 10:39 --------- d-----w c:\program files\Microsoft
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-11-20 20:59 10,433 ----a-w c:\program files\uninstal.log
2008-10-13 10:34 174 --sha-w c:\program files\desktop.ini
2002-12-11 13:17 13,366,265 --s-a-w c:\program files\Encore Manual.pdf
.
((((((((((((((((((((((((((((( SnapShot@2009-03-17_17.14.57,10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-17 15:49:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-19 08:32:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-17 15:49:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-19 08:32:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-17 16:14:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-19 08:33:46 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-19 08:33:46 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-17 16:14:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-19 08:34:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-19 08:34:24 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-17 15:51:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-19 08:33:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-17 15:51:01 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-19 08:33:06 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-17 15:51:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-19 08:33:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-18 16:25:19 27,656 ----a-w c:\windows\System32\drivers\avgmfx86.sys
+ 2008-08-18 10:19:03 82,432 ----a-w c:\windows\System32\SmitfraudFix\404Fix.exe
+ 2008-12-11 23:57:43 78,336 ----a-w c:\windows\System32\SmitfraudFix\Agent.OMZ.Fix.exe
+ 2008-08-07 14:27:22 4,080 ----a-w c:\windows\System32\SmitfraudFix\beep_2K_original.sys
+ 2001-08-28 12:00:00 4,224 ----a-w c:\windows\System32\SmitfraudFix\beep_XP_original.sys
+ 2004-07-31 16:50:36 51,200 ----a-w c:\windows\System32\SmitfraudFix\dumphive.exe
+ 2007-08-21 06:00:06 1,536 ----a-w c:\windows\System32\SmitfraudFix\exit.exe
+ 2008-07-22 10:27:17 82,432 ----a-w c:\windows\System32\SmitfraudFix\GenericRenosFix.exe
+ 2008-12-15 21:44:04 77,824 ----a-w c:\windows\System32\SmitfraudFix\HostsChk.exe
+ 2008-11-29 16:58:21 82,944 ----a-w c:\windows\System32\SmitfraudFix\IEDFix.C.exe
+ 2008-05-18 19:40:35 82,944 ----a-w c:\windows\System32\SmitfraudFix\IEDFix.exe
+ 2008-09-20 10:45:23 80,384 ----a-w c:\windows\System32\SmitfraudFix\o4Patch.exe
+ 2008-05-27 21:17:49 3,584 ----a-w c:\windows\System32\SmitfraudFix\Policies.exe
+ 2003-06-05 19:13:00 53,248 ----a-w c:\windows\System32\SmitfraudFix\Process.exe
+ 2008-09-03 09:39:15 24,576 ----a-w c:\windows\System32\SmitfraudFix\Reboot.exe
+ 2006-03-07 20:45:34 16,384 ----a-w c:\windows\System32\SmitfraudFix\restart.exe
+ 2009-03-18 13:40:00 2,130,007 ----a-w c:\windows\System32\SmitfraudFix\SmitfraudFix.cmd
+ 2006-09-19 20:13:00 20,480 ----a-w c:\windows\System32\SmitfraudFix\SmiUpdate.exe
+ 2006-04-27 15:49:30 288,417 ----a-w c:\windows\System32\SmitfraudFix\SrchSTS.exe
+ 2006-08-29 17:43:54 135,168 ----a-w c:\windows\System32\SmitfraudFix\swreg.exe
+ 2006-01-09 08:36:06 40,960 ----a-w c:\windows\System32\SmitfraudFix\swsc.exe
+ 2006-12-01 04:20:32 79,360 ----a-w c:\windows\System32\SmitfraudFix\swxcacls.exe
+ 2008-03-02 21:38:24 77,312 ----a-w c:\windows\System32\SmitfraudFix\UIFix.exe
+ 2006-09-14 22:34:48 167,936 ----a-w c:\windows\System32\SmitfraudFix\unzip.exe
+ 2008-10-01 13:51:40 87,552 ----a-w c:\windows\System32\SmitfraudFix\VACFix.exe
+ 2007-09-05 22:22:23 289,144 ----a-w c:\windows\System32\SmitfraudFix\VCCLSID.exe
+ 2007-10-03 22:36:46 25,600 ----a-w c:\windows\System32\SmitfraudFix\WS2Fix.exe
- 2009-03-17 15:55:32 12,262 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3765967472-2820930978-3669778308-1000_UserData.bin
+ 2009-03-19 08:34:42 12,734 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3765967472-2820930978-3669778308-1000_UserData.bin
- 2009-03-17 15:55:31 68,068 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-19 08:34:42 68,694 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-17 16:16:54 2,598 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-03-17 15:55:30 43,456 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-18 15:56:21 43,528 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 435768]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-11-02 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-03 515416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-18 1932568]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Rutger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AFDC7AA0-A841-4A91-8DD4-1D3D0F164959}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2FBAEAC6-8EFB-4419-B936-76F7AB8D6E2E}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{6C7EE3C8-AC09-463B-BA1D-BC365C92EE76}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{71E976D4-F7C6-47A6-8ACD-0FA9FC689507}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{D423C966-8221-40B1-AF31-098F0289DE89}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{7762D7F2-0351-4F3E-A335-E79BE537B6C5}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{0EB6F53B-7C87-4777-AC24-A71F436E70A5}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{5D9699D5-A8B9-47B2-BD00-E35F0AA2F71F}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{9044B3D2-60FA-4ED8-AA02-B51BBAF4C500}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{40FC9F88-2855-4EBA-A440-2874C918867D}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{5FE87909-AE92-4A80-B204-47D3A320F19E}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{BFD1F2F8-AE16-4206-9D13-299E93842459}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{A2C821FE-B88F-448B-BF3D-D4B3D140A27D}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{4D2EC621-34AC-4A1E-B6F0-25DCEAED658B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FE454C3B-FF99-4EF3-AC32-589BD9AA3A77}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{931C85DF-8B63-4387-9FA5-51A673A199C8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B3E58F21-AB21-43EF-BC8C-A436A3B8C44E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BE89A468-A44C-4B3D-B0A3-F50B381EA6E1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C283F33D-0A5D-4392-8666-50F242D08EFB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C29FDEB1-2DB0-4133-80AF-EE7814A22A35}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{5058EC18-D5EA-4411-96DB-38FEB983507F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B144F174-E9BA-4046-9BC2-4F59A5BE789B}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-03 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-03-18 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-18 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-18 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
S3 GSV;GSV;c:\users\Rutger\AppData\Local\Temp\GSV.exe --> c:\users\Rutger\AppData\Local\Temp\GSV.exe [?]
S3 JGPPLMRDFTO;JGPPLMRDFTO;c:\users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe --> c:\users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe [?]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [2007-12-14 570880]
S3 PAC7311;VGA USB Camera;c:\windows\System32\drivers\PA707UCM.SYS [2008-10-20 530304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e3eb8bd-9f40-11dd-8f0a-001a92fbe007}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
Inhoud van de 'Gedeelde Taken' map

2009-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-03 16:51]
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{7F344356-6DF6-49DA-9A83-101ACBF6589B} - (no file)

.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = mar-px-01:8080
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 11:25:22
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????m_>????X?E???E???E???E?

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-03-19 11:27:39
ComboFix-quarantined-files.txt 2009-03-19 10:27:36

Pre-Run: 43,007,840,256 bytes beschikbaar
Post-Run: 43,593,822,208 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
269 --- E O F --- 2009-03-11 16:01:11
  • No more replies? Does that mean everything should be fine now?
