Vraag & Antwoord
probleem: asappsrv.dll (hijackthis log)
8 antwoorden
- Hello,
Ik heb sinds vanochtend zeer traag internet en bureaublad weergeven is ook bijzonder traag. Even na het opstarten van de pc gaf mcaffee een melding van "asappsrv.dll" en hij kan dit niet verwijderen.
Heb al verschillende programma's laten lopen maar geen die dit verwijderd. Weet er iemand hoe ik het (asappsrv.dll) kan verwijderen of fixen?
Ik ben ondertussen ook bezig met het zoeken achter een oplossing voor "command service" dat spybot altijd blijft geven en maar niet kan verwijderen, mss dat jullie in dit logje ook een oplossing hiervoor kunnen vinden?
Dank bij voorbaat
Logfile of HijackThis v1.99.1
Scan saved at 14:32:55, on 22/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\logitech\iTouch\iTouch.exe
D:\daemon\daemon.exe
D:\logitech\MouseWare\system\em_exec.exe
D:\quicktime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\d-link\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
D:\HP\Digital Imaging\bin\hpohmr08.exe
D:\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\VIA\RAID\raid_tool.exe
D:\HP\Digital Imaging\bin\hpoevm08.exe
D:\HP\Digital Imaging\Bin\hpoSTS08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
D:\counterspy\sunThreatEngine.exe
D:\counterspy\SunProtectionServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\d-link\AirGCFG.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunServer] D:\counterspy\sunserver.exe
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,23/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\cLbview.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe - Start HJT en doe een systemscan only en vink onderstaande regels aan en klik op fix checked.
[b:bd02fd5745]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart[/b:bd02fd5745]
Verwijder via verkenner onderstaand bestand.(dikgedrukt)
C:\Program Files\[b:bd02fd5745]SpyBro\SpyBro.exe" /autostart[/b:bd02fd5745]
Wil je onderstaand bestand uploaden bij jotti aub. http://virusscan.jotti.org/
C:\WINDOWS\system32\[b:bd02fd5745]cLbview.dll[/b:bd02fd5745]
Voer eens een online virusscan uit bij [b:bd02fd5745]Panda[/b:bd02fd5745].
Klik op[b:bd02fd5745]"scan your PC"[/b:bd02fd5745]
Er opent een nieuw venster
Klik op [b:bd02fd5745]"check now"[/b:bd02fd5745]
Er opent een nieuw venster. Vul daar je land in en een geldig e-mail adres.
Klik dan op [b:bd02fd5745]"scan now"[/b:bd02fd5745]
[i:bd02fd5745]Als je Panda nog nooit hebt gebruikt, wordt er een [b:bd02fd5745]Active X[/b:bd02fd5745] element gedownload, geef hier toestemming voor door op [b:bd02fd5745]"install"[/b:bd02fd5745] te drukken.[/i:bd02fd5745]
Je ziet dan in beeld [b:bd02fd5745]"Select a device to scan…" [/b:bd02fd5745]
kies voor [b:bd02fd5745]"My Computer"[/b:bd02fd5745]
De computer wordt nu gescand (dit duurt wel even).
Als de scan klaar is
Klik op [b:bd02fd5745]"See report" [/b:bd02fd5745]en dan op [b:bd02fd5745]"save report"[/b:bd02fd5745]
Open het tekstbestand en selecteer de gehele tekst. Kies [b:bd02fd5745]"kopieren"[/b:bd02fd5745] en post het hier in je antwoord.
Dus in volgende post.
1 : Het jotti antwoord
2 : Het panda logje
3 : een nieuw HJT logje ter controle.
Succes - oke, Ik heb ongeveer gedaan wat je me hebt gezegd.
dit is ten eerste de log van de panda scan:
Incident Status Location
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\cLbview.dll
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard121.dat
Adware:adware/look2me Not disinfected Windows Registry
Adware:adware/commad Not disinfected Windows Registry
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@metriweb[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt
Adware:Adware/SaveNow Not disinfected C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
Adware:Adware/Yazzle Not disinfected C:\SnowballWarsInstaller.exe
Dialer
ialer.Gen Not disinfected D:\scansoft\ScanSoft PaperPort Pro Office 9.0\Other\PagisConverter\ENGLISH\data1.cab[convproc.exe]
Adware:Adware/Bitamobar Not disinfected E:\games\COD II\cod2 uitgepakt\xtape[1].net.ru_Call_Of_Duty2.rar[call.of.duty.2.multiplayer.private.server.1.0.patch-icu.zip][crack-inf.exe][autoupdatev2.exe]
Adware:Adware/Bitamobar Not disinfected E:\games\COD II\cod2 uitgepakt\xtape[1].net.ru_Call_Of_Duty2.rar[Call_of_Duty_PLUS_2_TRAINER-PiZZADOX.ZIP][crack-inf.exe][autoupdatev2.exe]
Spyware:Cookie/Atlas DMT Not disinfected F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@doubleclick[1].txt
Spyware:Cookie/MetriWeb Not disinfected F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@metriweb[1].txt
Spyware:Cookie/YieldManager Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@ad.yieldmanager[2].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@ADY~2.TXT]
Spyware:Cookie/Belnk Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@belnk[1].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@BEL~1.TXT]
Spyware:Cookie/Belnk Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@dist.belnk[2].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@DIS~2.TXT]
Spyware:Cookie/Doubleclick Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@doubleclick[1].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@DOU~1.TXT]
Spyware:Cookie/MetriWeb Not disinfected F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@metriweb[1].txt.nco[20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@MET~1.TXT]
als 2de heb is dit de lijst van jotti: eerste kader
AntiVir
Found Adware-Spyware/Look2Me.ab adware
ArcaVir
Found Adware.Looktome.Ab
Avast
Found Win32:Adware-gen.
AVG Antivirus
Found Generic.FWR
BitDefender
Found Trojan.Candebe.CZ
ClamAV
Found Adware.Lookme-26
Dr.Web
Found Adware.Look2me
F-Prot Antivirus
Found security risk or a "backdoor" program
Fortinet
Found Adware/Look2me
Kaspersky Anti-Virus
Found not-a-virus:AdWare.Win32.Look2Me.ab
NOD32
Found Win32/Adware.Look2Me application
Norman Virus Control
Found W32/Look2Me.DE
UNA
Found nothing
VirusBuster
Found Trojan.PolyAgent.A
VBA32
Found AdWare.Look2Me.ab
2de kader:
AntiVir Trojan/PSW.LdPinch.jm1
ArcaVir X
Avast X
AVG Antivirus Dropper.Small.27.AC
BitDefender Trojan.Dropper.Joiner.AJ
ClamAV X
Dr.Web Trojan.MulDrop.1161 F-Prot
Antivirus X
Fortinet W32/Joiner.AJ!tr
Kaspersky Anti-Virus Constructor.Win32.MicroJoiner.17
NOD32 X
Norman Virus Control X
UNA X
VirusBuster X
VBA32 TrojanDropper.Win32.Joiner.aj
en dan tenslotte het nieuwe hjt logje:
Logfile of HijackThis v1.99.1
Scan saved at 19:50:38, on 23/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\logitech\iTouch\iTouch.exe
D:\d-link\AirGCFG.exe
D:\logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\HP\Digital Imaging\bin\hpohmr08.exe
D:\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\VIA\RAID\raid_tool.exe
D:\HP\Digital Imaging\bin\hpoevm08.exe
D:\HP\Digital Imaging\Bin\hpoSTS08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
E:\games\hl2\Steam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
D:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\d-link\AirGCFG.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunServer] D:\counterspy\sunserver.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,23/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\cLbview.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe - Heel wat wijzer nu.
* [u:e5c1fac68f]Clean de Cache and Cookies in - heb gedaan wat je hebt gezegd
Look2Me-Destroyer logje:
Look2Me-Destroyer V1.0.12
Scanning for infected files…..
Scan started at 24/06/2006 0:30:06
Infected! C:\WINDOWS\system32\cLbview.dll
Infected! C:\WINDOWS\system32\cLbview.dll
Attempting to delete infected files…
Attempting to delete: C:\WINDOWS\system32\cLbview.dll
C:\WINDOWS\system32\cLbview.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\cLbview.dll
C:\WINDOWS\system32\cLbview.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
nieuw hjt logje:
Logfile of HijackThis v1.99.1
Scan saved at 0:38:44, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\logitech\iTouch\iTouch.exe
D:\d-link\AirGCFG.exe
D:\logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
D:\HP\Digital Imaging\bin\hpohmr08.exe
D:\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\VIA\RAID\raid_tool.exe
D:\HP\Digital Imaging\bin\hpoevm08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\d-link\AirGCFG.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunServer] D:\counterspy\sunserver.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,23/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe - Hoeveel virusscanners heb je nu draaien, volgens mij zie ik macfee en NOD32 klopt dat. Als NOD32 onderdeel is van HITman :cry: zou ik die IIG uitzetten of liever helemaal verwijderen(samen met HMP maar dat is persoonlijk)
Ik zie op dit moment geen rare dingen meer in je logje maar ik wil je toch nog even onderstaande aanbieden.
* [u:c487205c05]Clean de Cache and Cookies in - heb wat weinig tijd gehad gisteren maar hier is het rapport van Hjt en ewido
ewido
C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
E:\games\COD II\cod2 uitgepakt\xtape[1].net.ru_Call_Of_Duty2.rar/Call_of_Duty_PLUS_2_TRAINER-PiZZADOX.ZIP/crack-inf.exe -> Dropper.Agent.aao : Error during cleaning.
E:\games\COD II\cod2 uitgepakt\xtape[1].net.ru_Call_Of_Duty2.rar/call.of.duty.2.multiplayer.private.server.1.0.patch-icu.zip/crack-inf.exe -> Dropper.Agent.aao : Error during cleaning.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
F:\nieuwe backup\20043108_165635_PC1\C\Documents and Settings\PC\Cookies\pc@cz8.clickzs[1].txt.nco/20043108_165635_PC1\C\DOCUME~1\PC\Cookies\PC@CZ8~1.TXT -> TrackingCookie.Clickzs : Error during cleaning.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
F:\Backup\Documents and Settings\gebruiker\Cookies\gebruiker@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@doubleclick[1].txt.nco/20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@DOU~1.TXT -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\backup 30-08-2005\20053008_173552_PC\C\Documents and Settings\PC\Cookies\pc@ad.yieldmanager[2].txt.nco/20053008_173552_PC\C\DOCUME~1\PC\Cookies\PC@ADY~2.TXT -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\asdlf3vv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
::Report end
HJt log
Logfile of HijackThis v1.99.1
Scan saved at 14:00:28, on 26/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\ewido\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\logitech\iTouch\iTouch.exe
D:\d-link\AirGCFG.exe
D:\logitech\MouseWare\system\em_exec.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
D:\HP\Digital Imaging\bin\hpohmr08.exe
D:\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\games\hl2\Steam.exe
D:\HP\Digital Imaging\bin\hpoevm08.exe
D:\HP\Digital Imaging\Bin\hpoSTS08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\counterspy\sunThreatEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\d-link\AirGCFG.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunServer] D:\counterspy\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "D:\ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,23/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe - wil je nogmaals Ewido laten scannen en laat nu verwijderen wat het vind.
Plaats daarna aub een nieuw logje van HJT aub.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.