Vraag & Antwoord
logfile highjackthis
10 antwoorden
- Wie wil hier even naar kijken:
Logfile of HijackThis v1.99.1
Scan saved at 18:13:28, on 4-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\{700DCC10-0BF3-1043-1221-05060305001f}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
E:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/scripts/common/index.main?signin=1&lang=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Basic Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PimpFish Basic - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?d0542f8f99954f2fa382b61858ee61dc
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?d0542f8f99954f2fa382b61858ee61dc
O8 - Extra context menu item: PimpFish Basic - Grab movies on this page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: PimpFish Basic - Grab pictures on this page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish Basic - Grab pictures this page links to - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish Basic - Grab Target File - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish Basic - Grab This Picture - C:\Program Files\PimpFish\GRABPIC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://supergees.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157803335902
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe - Ga naar start - uitvoeren en tik in:
[b:6318033e3d]sc delete MsaSvc[/b:6318033e3d]
Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:
[b:6318033e3d]O4 - Startup: Reboot.exe[/b:6318033e3d]
Klik daarna op "Fix checked" en sluit HijackThis af.
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een Y in om het cleaningsprocess te starten.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt) Post de inhoud van dit bestandje samen met een nieuwe hijackthislog. - G‚janne - 06-11-04 21:04:14,32 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\G‚janne\Bureaublad"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\{300DCC10-0BF3-1043-1221-05060305001f}
C:\Program Files\Common Files\{700DCC10-0BF3-1043-1221-05060305001f}
((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))
2006-11-04 15:45 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-11-04 15:45 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
2006-11-04 15:44 78,336 –a—— C:\WINDOWS\system32\drivers\ssi.sys
2006-11-04 15:44 102,912 –a—— C:\WINDOWS\system32\islzma.dll
2006-11-04 15:30 46,352 –a—— C:\WINDOWS\setdebug.exe
2006-11-04 15:30 139,536 –a—— C:\WINDOWS\system32\javaee.dll
2006-11-04 15:30 113 –a—— C:\WINDOWS\system32\zonedon.reg
2006-11-04 15:30 113 –a—— C:\WINDOWS\system32\zonedoff.reg
2006-11-04 15:23 12,288 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-31 22:10 115,642 –a—— C:\WINDOWS\system32\tdc.exe
2006-10-31 22:07 10,911 –a—— C:\sbgsyga.exe
2006-10-05 18:08 162,304 –a—— C:\UNWISE.EXE
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-04 21:05 ——– d——– C:\Program Files\Common Files
2006-11-04 21:01 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Skype
2006-11-04 18:04 ——– d——– C:\Program Files\Hitman Pro
2006-11-04 15:50 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Lavasoft
2006-11-04 15:49 ——– d——– C:\Program Files\SpywareBlaster
2006-11-04 15:47 ——– d——– C:\Program Files\Spyware Doctor
2006-11-04 15:45 ——– d——– C:\Documents and Settings\G‚janne\Application Data\PC Tools
2006-11-04 15:44 ——– d——– C:\Program Files\Webroot
2006-11-04 15:44 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Webroot
2006-11-04 15:43 ——– d——– C:\Program Files\Lavasoft
2006-11-04 15:33 ——– d——– C:\Program Files\Google
2006-11-01 21:21 ——– d——– C:\Program Files\MSN
2006-11-01 21:17 ——– d——– C:\Documents and Settings\G‚janne\Application Data\MSN6
2006-11-01 18:16 ——– d——– C:\Program Files\PimpFish
2006-11-01 13:40 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Google
2006-10-31 22:41 ——– d——– C:\Program Files\Java
2006-10-31 22:36 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Help
2006-10-11 14:54 3350 –ahs—- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-29 15:36 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Adobe
2006-09-28 17:28 ——– d——– C:\Documents and Settings\G‚janne\Application Data\LimeWire
2006-09-27 13:03 ——– d——– C:\Program Files\Adobe
2006-09-27 13:02 ——– d——– C:\Program Files\Common Files\Adobe
2006-09-27 13:00 ——– d——– C:\Program Files\Windows Media Player
2006-09-27 12:59 ——– d——– C:\Program Files\Common Files\Adobe Systems Shared
2006-09-27 12:57 20016 ——— C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-09-27 08:34 778656 –a—— C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 18:53 ——– d—s—- C:\Documents and Settings\G‚janne\Application Data\Microsoft
2006-09-19 17:19 ——– d——– C:\Program Files\Incomplete
2006-09-19 13:45 ——– d——– C:\Program Files\TRUST 640U SILVERLINE HEADSET USB
2006-09-17 20:37 ——– d——– C:\Documents and Settings\G‚janne\Application Data\AdobeUM
2006-09-17 20:37 ——– d——– C:\Documents and Settings\G‚janne\Application Data\AdobeAUM
2006-09-17 20:33 ——– d–h—– C:\Program Files\InstallShield Installation Information
2006-09-13 06:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
2006-09-12 14:35 ——– d——– C:\Program Files\LimeWire
2006-09-12 00:16 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Ahead
2006-09-11 11:48 ——– d——– C:\Program Files\Microsoft Works
2006-09-11 11:48 ——– d——– C:\Program Files\Common Files\Microsoft Shared
2006-09-11 11:46 ——– d——– C:\Program Files\Internet Explorer
2006-09-11 11:43 ——– d——– C:\Program Files\Outlook Express
2006-09-11 11:43 ——– d——– C:\Program Files\Common Files\System
2006-09-10 23:00 ——– d——– C:\Program Files\Windows Live Toolbar
2006-09-10 22:52 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Sun
2006-09-09 13:02 ——– d–h—– C:\Program Files\WindowsUpdate
2006-09-09 12:55 ——– d——– C:\Program Files\Common Files\Ahead
2006-09-09 12:51 ——– d——– C:\Program Files\Nero
2006-09-09 12:47 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Macromedia
2006-09-09 11:44 56 -r-hs—- C:\WINDOWS\system32\F7FBD78099.sys
2006-09-09 11:40 ——– d——– C:\Program Files\Common Files\DESIGNER
2006-09-09 11:38 ——– d——– C:\Program Files\Corel
2006-09-09 11:38 ——– d——– C:\Program Files\Common Files\Corel
2006-09-09 11:26 ——– d——– C:\Program Files\CCleaner
2006-09-09 11:13 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Corel
2006-09-08 14:59 ——– d——– C:\Program Files\Common Files\InstallShield
2006-09-08 14:38 ——– d——– C:\Program Files\Common Files\Java
2006-09-08 14:32 4992 –a—— C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-08 14:32 4288 –a—— C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-08 14:32 27904 –a—— C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-08 14:32 23424 –a—— C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-08 14:32 ——– d——– C:\Program Files\Grisoft
2006-09-08 14:32 ——– d——– C:\Documents and Settings\G‚janne\Application Data\AVG7
2006-09-08 14:28 ——– d——– C:\Program Files\Microsoft Visual Studio
2006-09-08 14:28 ——– d——– C:\Program Files\Microsoft Office
2006-09-08 14:21 ——– d——– C:\Program Files\xp-AntiSpy
2006-09-08 13:03 ——– d——– C:\Program Files\Common Files\SpeechEngines
2006-09-08 13:03 ——– d——– C:\Program Files\Common Files\ODBC
2006-09-08 13:02 62 –ahs—- C:\Documents and Settings\G‚janne\Application Data\desktop.ini
2006-09-08 12:12 ——– d——– C:\Program Files\Movie Maker
2006-09-08 12:10 ——– d——– C:\Program Files\Windows NT
2006-09-08 12:10 ——– d——– C:\Program Files\NetMeeting
2006-09-08 11:59 ——– d——– C:\Program Files\Realtek Sound Manager
2006-09-08 11:59 ——– d——– C:\Program Files\Realtek AC97
2006-09-08 11:59 ——– d——– C:\Program Files\AvRack
2006-09-08 11:58 ——– d——– C:\Program Files\directx
2006-09-08 11:51 ——– d——– C:\Program Files\S3
2006-09-08 11:49 ——– d——– C:\Program Files\VIA
2006-09-08 11:44 ——– d–h—– C:\Program Files\Uninstall Information
2006-09-08 11:44 ——– d——– C:\Documents and Settings\G‚janne\Application Data\Identities
2006-09-08 11:36 0 -rahs—- C:\MSDOS.SYS
2006-09-08 11:36 0 -rahs—- C:\IO.SYS
2006-09-08 11:36 0 –a—— C:\CONFIG.SYS
2006-09-08 11:36 0 –a—— C:\AUTOEXEC.BAT
2006-09-08 11:36 ——– d——– C:\Program Files\xerox
2006-09-08 11:36 ——– d——– C:\Program Files\microsoft frontpage
2006-09-08 11:35 ——– d——– C:\Program Files\Online Services
2006-09-08 11:34 ——– d——– C:\Program Files\Common Files\Services
2006-09-08 11:34 ——– d——– C:\Program Files\Common Files\MSSoap
2006-09-08 11:33 ——– d——– C:\Program Files\ComPlus Applications
2006-09-08 11:32 ——– d——– C:\Program Files\MSN Gaming Zone
2006-08-25 16:51 617472 –a—— C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:59 100352 –a—— C:\WINDOWS\system32\6to4svc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"SoundMan"="SOUNDMAN.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20061104-210148-100
O4 - Startup: Reboot.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
Completion time: 06-11-04 21:06:01.37
C:\ComboFix.txt … 06-11-04 21:06
Logfile of HijackThis v1.99.1
Scan saved at 21:07:26, on 4-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
E:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/scripts/common/index.main?signin=1&lang=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Basic Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PimpFish Basic - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?d0542f8f99954f2fa382b61858ee61dc
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?d0542f8f99954f2fa382b61858ee61dc
O8 - Extra context menu item: PimpFish Basic - Grab movies on this page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: PimpFish Basic - Grab pictures on this page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish Basic - Grab pictures this page links to - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish Basic - Grab Target File - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish Basic - Grab This Picture - C:\Program Files\PimpFish\GRABPIC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://supergees.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157803335902
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe - Logje ziet er goed uit.
Ga naar deze website: http://www.virustotal.com/en/indexf.html
Laat volgend bestandje scannen: C:\sbgsyga.exe
Post het resultaat van de scan. - STATUS: FINISHEDComplete scanning result of "sbgsyga.exe", received in VirusTotal at 11.04.2006, 21:34:40 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.04.2006 could be a corrupted executable file
Avast 4.7.892.0 11.03.2006 no virus found
AVG 386 11.04.2006 no virus found
BitDefender 7.2 11.04.2006 no virus found
CAT-QuickHeal 8.00 11.04.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.04.2006 no virus found
DrWeb 4.33 11.04.2006 no virus found
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.04.2006 no virus found
Fortinet 2.82.0.0 11.04.2006 no virus found
F-Prot 3.16f 11.04.2006 no virus found
F-Prot4 4.2.1.29 11.04.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.04.2006 no virus found
McAfee 4888 11.03.2006 no virus found
Microsoft 1.1609 11.04.2006 no virus found
NOD32v2 1.1853 11.03.2006 no virus found
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.04.2006 Suspicious file
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 no virus found
VBA32 3.11.1 11.04.2006 no virus found
VirusBuster 4.3.15:9 11.04.2006 no virus found
Aditional Information
File size: 10911 bytes
MD5: 84ceb89c634115c702182b34c3e2d26a - Als jij niet weet wat het is, dan zou ik sbgsyga.exe maar verwijderen.
Zijn er nog problemen? - Zo op het eerste gezicht lijkt de machine weer goed te draaien maar ik kan nog steeds de firewall van Windows niet meer inschakelen. Dan krijg ik de meelding: "De instellingen van Windows Firewall kunnen door onbekende oorzaak niet worden weergegeven".
- Download sharedaccess.reg en plaats het bestand op je bureaublad.
Dubbelklik op sharedaccess.reg, en laat de wijzigingen aan het register toevoegen.
Herstart de computer.
Ga daarna naar Start - Uitvoeren en tik in [b:9d02e07270]cmd[/b:9d02e07270] en daarna op OK.
Achter de opdracht prompt tik je dit commando in: [b:9d02e07270]NETSH FIREWALL RESET[/b:9d02e07270]
Druk nu op Enter.
Ga naar Configuratiescherm - Software - Windows Firewall en kijk of de Firewall-instellingen nu wel worden weergegeven.
Indien dat niet helpt dan probeer je oplossing 2 van hier. - Beste M@rc, He hartsikke veel dank….. Machientje loopt weer als een naaimachine !!!!!
- Houden zo. :wink:
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
Gerelateerde vragen
- URL zonder extensie wil niet helemaal lukken
- https verbinding met ssl in owncloud
- afspelen met audacity werkt niet goed
- Computer!Totaal-forum maakt plaats voor v&a-module
- computer start soms niet op
- Pro show gold 4 overgangen tussen tekstdia's
- wie kan mij meer vertellen over een Gigabyte GA-B85M-HD3
- Windows Tijdelijke bestanden