Vraag & Antwoord
opstart probleem en logfile
16 antwoorden
- hoi ik heb het volgende probleem,als ik mijn pc opstart start hij op totdat mijn virusscan moet opstarten dit duurd een paar minuten en tot die tijd is de windows firewall ook nog niet ingeschakeld.
heb al tal van scanprogrammas er overheen gegooid en ccleaner
alles lijkt schoon te zijn.
deze trojaan vond ik wel meerdere malen
Win32.Bifrose.aas en zit volgens mij in een update van nero 7 teminste toen ik die update over nero heen instaleerde merkte kaspersky hem op.
HIER MIJN LOGFILE :
Logfile of HijackThis v1.99.1
Scan saved at 2:00:15, on 13-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\HP_Eigenaar\Bureaublad\extra map Ben Crooijmans\hijackthislog\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe - geen spoor van een virus.
Daar je al van alles gedraaid hebt, wil je onderstaande doen aub.
Download [b:da6d511e4e]Combofix[/b:da6d511e4e] naar je Bureaublad.[list:da6d511e4e]
Dubbelklik [b:da6d511e4e]Combofix.exe[/b:da6d511e4e]
Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
Tijdens het runnen van de fix, [b:da6d511e4e]NIET[/b:da6d511e4e] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:da6d511e4e]
Wanneer de fix voltooid is en na herstart, zal de log [b:da6d511e4e]combofix.txt[/b:da6d511e4e] openen.
[i:da6d511e4e]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:da6d511e4e]
NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren. - HP_Eigenaar - 06-11-13 23:55:51,51 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\HP_Eigenaar\Bureaublad"
((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))
2006-11-12 23:31 24,576 –a—— C:\WINDOWS\system32\STKIT432.DLL
2006-11-11 14:00 774,144 –a—— C:\WINDOWS\system32\vsfilter.dll
2006-11-11 14:00 679,936 –a—— C:\WINDOWS\system32\xvidcore.dll
2006-11-11 14:00 421,888 –a—— C:\WINDOWS\system32\OpenQuicktimeLib.dll
2006-11-11 14:00 1,024,000 –a—— C:\WINDOWS\system32\3ivx.dll
2006-10-29 23:16 110,592 –a—— C:\WINDOWS\system32\ccrpbds6.dll
2006-10-25 19:50 892,928 –a—— C:\WINDOWS\system32\NCTAudioInformation.dll
2006-10-25 19:50 274,432 –a—— C:\WINDOWS\system32\NCTAudioPlayer.dll
2006-10-25 19:50 233,472 –a—— C:\WINDOWS\system32\lame_enc.dll
2006-10-25 19:50 1,703,936 –a—— C:\WINDOWS\system32\NCTAudioFile.dll
2006-10-25 02:31 94,208 ——— C:\WINDOWS\system32\Msstkprp.dll
2006-10-25 02:31 6,144 ——— C:\WINDOWS\system32\drivers\cinemsup.sys
2006-10-25 02:31 45,056 ——— C:\WINDOWS\system32\Swcmcfg.dll
2006-10-25 02:31 36,864 ——— C:\WINDOWS\system32\cinemres.dll
2006-10-25 02:31 30,720 ——— C:\WINDOWS\system32\Cinmhook.dll
2006-10-25 02:31 262,144 ——— C:\WINDOWS\system32\dvdpld32.dll
2006-10-25 02:31 2,940,928 ——— C:\WINDOWS\system32\Cinmst32.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-13 00:46 ——– d——– C:\Program Files\Microsoft AntiSpyware
2006-11-13 00:12 ——– d——– C:\Program Files\SpywareBlaster
2006-11-13 00:03 ——– d——– C:\Program Files\EMCO Malware Destroyer
2006-11-12 23:43 ——– d——– C:\Program Files\Registry Mechanic
2006-11-12 23:06 ——– d——– C:\Documents and Settings\HP_Eigenaar\Application Data\Ahead
2006-11-12 21:18 ——– d——– C:\Program Files\Common Files\Ahead
2006-11-12 16:27 ——– d——– C:\Program Files\Banner Maker Pro for Flash
2006-11-11 21:10 ——– d——– C:\Program Files\DVD Shrink
2006-11-11 21:09 ——– d–h—– C:\Program Files\InstallShield Installation Information
2006-11-11 16:50 ——– d——– C:\Program Files\Nero
2006-11-11 14:35 ——– d——– C:\Program Files\Common Files
2006-11-11 14:21 ——– d——– C:\Program Files\Diskeeper Corporation
2006-11-11 14:02 ——– d——– C:\Program Files\Ahead
2006-11-11 14:00 ——– d——– C:\Program Files\K-Lite Codec Pack
2006-11-11 13:57 ——– d——– C:\Program Files\CoverGet
2006-10-29 23:16 ——– d——– C:\Program Files\PIXresizer
2006-10-29 15:32 ——– d—s—- C:\Documents and Settings\HP_Eigenaar\Application Data\Microsoft
2006-10-29 15:21 ——– d——– C:\Program Files\Microsoft Office
2006-10-29 15:21 ——– d——– C:\Program Files\Common Files\Microsoft Shared
2006-10-28 13:21 ——– d——– C:\Program Files\NCH Swift Sound
2006-10-27 16:49 ——– d——– C:\Program Files\besweet
2006-10-25 20:24 ——– d——– C:\Documents and Settings\HP_Eigenaar\Application Data\NCH Swift Sound
2006-10-25 20:10 ——– d——– C:\Documents and Settings\HP_Eigenaar\Application Data\RecordPad
2006-10-25 02:31 ——– d——– C:\Program Files\Ravisent
2006-10-25 02:31 ——– d——– C:\Program Files\Common Files\Ravisent Shared
2006-10-24 22:59 ——– d——– C:\Program Files\SubRip
2006-10-20 18:59 ——– d——– C:\Documents and Settings\HP_Eigenaar\Application Data\Canon
2006-10-17 18:56 ——– d——– C:\Program Files\Maketorrent 2
2006-10-12 18:12 61072 –a—— C:\WINDOWS\system32\drivers\klick.sys
2006-10-12 18:12 59536 –a—— C:\WINDOWS\system32\drivers\klin.sys
2006-09-13 06:07 1084416 ——— C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 –a—— C:\WINDOWS\system32\msxml4.dll
2006-08-25 16:51 617472 –a—— C:\WINDOWS\system32\comctl32.dll
2006-08-22 23:31 5906432 ——— C:\WINDOWS\system32\ieframe.dll
2006-08-22 23:31 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
2006-08-22 23:31 457728 ——— C:\WINDOWS\system32\msfeeds.dll
2006-08-22 23:31 413696 –a—— C:\WINDOWS\system32\vbscript.dll
2006-08-22 23:31 225792 –a—— C:\WINDOWS\system32\webcheck.dll
2006-08-22 23:31 175616 ——— C:\WINDOWS\system32\ieui.dll
2006-08-22 23:31 152064 –a—— C:\WINDOWS\system32\msls31.dll
2006-08-22 23:18 78336 –a—— C:\WINDOWS\system32\ieencode.dll
2006-08-22 23:18 206336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-22 23:17 40448 –a—— C:\WINDOWS\system32\licmgr10.dll
2006-08-22 23:17 105472 –a—— C:\WINDOWS\system32\url.dll
2006-08-22 23:17 100352 –a—— C:\WINDOWS\system32\occache.dll
2006-08-22 23:16 16896 –a—— C:\WINDOWS\system32\corpol.dll
2006-08-22 23:14 378368 –a—— C:\WINDOWS\system32\iedkcs32.dll
2006-08-22 23:14 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
2006-08-22 23:13 71680 –a—— C:\WINDOWS\system32\admparse.dll
2006-08-22 23:13 55296 –a—— C:\WINDOWS\system32\iesetup.dll
2006-08-22 23:13 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
2006-08-22 23:13 43008 –a—— C:\WINDOWS\system32\iernonce.dll
2006-08-22 23:13 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
2006-08-22 23:13 122880 –a—— C:\WINDOWS\system32\advpack.dll
2006-08-22 23:13 11776 –a—— C:\WINDOWS\system32\ieudinit.exe
2006-08-22 23:11 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
2006-08-22 23:10 61440 ——— C:\WINDOWS\system32\icardie.dll
2006-08-22 23:10 35328 –a—— C:\WINDOWS\system32\imgutil.dll
2006-08-22 23:09 262656 ——— C:\WINDOWS\system32\iertutil.dll
2006-08-22 23:07 45568 –a—— C:\WINDOWS\system32\mshta.exe
2006-08-22 22:37 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
2006-08-22 22:36 380928 ——— C:\WINDOWS\system32\ieapfltr.dll
2006-08-22 22:30 161792 –a—— C:\WINDOWS\system32\ieakui.dll
2006-08-21 13:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:59 100352 –a—— C:\WINDOWS\system32\6to4svc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-13 23:57:16.90
C:\ComboFix.txt … 06-11-13 23:57 - Logfile of HijackThis v1.99.1
Scan saved at 0:00:58, on 14-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\HP_Eigenaar\Bureaublad\extra map Ben Crooijmans\hijackthislog\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe - Het Hijackthis log is vrijwel schoon. Alleen de volgende regel valt als "nasty" uit de toon:
[b:dc23592fa6]
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
[/b:dc23592fa6]
@ home wil dus graag je startpagina blijven. :-?
Met Combofix heb ik echter geen ervaring. Is dat net zoiets als Hijackthis?
Wie kan er iets meer over vertellen? - gebruikt tweak toevallig de analyser, ga daar niet op af ivm de valste positieve.
Ik weet wel af van combofix dus mag ik eerst daar even naar kijken voor je de fix voor me afmaakt.?? - geen spoor van die trojan die je meld, toch maar een scanner gebruiken want wie weet verbergt hij zich.
Download en installeer [b:56fb7ffa39]AVG Anti-Spyware[/b:56fb7ffa39].[list:56fb7ffa39]
Na de installatie, open AVG Anti-Spyware:
* onder "[b:56fb7ffa39]Status[/b:56fb7ffa39]", klik op [b:56fb7ffa39]Change state[/b:56fb7ffa39] naast "Resident shield". (wijzig van active naar [b:56fb7ffa39]inactive[/b:56fb7ffa39]!)
* onder "[b:56fb7ffa39]Update[/b:56fb7ffa39]", klik op de [b:56fb7ffa39]Start update[/b:56fb7ffa39] knop.
* onder "[b:56fb7ffa39]Scanner[/b:56fb7ffa39]", tab "Settings":[list:56fb7ffa39]- onder "How to act?", klik op "[u:56fb7ffa39]Recommended actions[/u:56fb7ffa39]" en selecteer [b:56fb7ffa39]Quarantine[/b:56fb7ffa39]. ([b:56fb7ffa39]ZEER BELANGRIJK![/b:56fb7ffa39])
* onder "Reports", selecteer [b:56fb7ffa39]Automatically generate report after every scan[/b:56fb7ffa39] en [u:56fb7ffa39]verwijder[/u:56fb7ffa39] het vinkje bij [b:56fb7ffa39]Only if threats were found[/b:56fb7ffa39][/list:u:56fb7ffa39]
Sluit AVG Anti-Spyware. Laat het [b:56fb7ffa39]nog niet[/b:56fb7ffa39] scannen.[/list:u:56fb7ffa39]
Start op in veilige modus
Start [b:56fb7ffa39]AVG Anti-Spyware[/b:56fb7ffa39].[list:56fb7ffa39]* Klik op [b:56fb7ffa39]Scan[/b:56fb7ffa39] en kies [b:56fb7ffa39]Complete System Scan[/b:56fb7ffa39].
Na de scan; volg onderstaande instructies : - ik heb de regel van @home niet verwijdert hoor,zie niet in wat er mis is met @home als opstartpagina :-?
wel heb ik de volgende stappen van je opgevolgd wat betreft AVG
en hier het report :
———————————————————
AVG Anti-Spyware - Scan Report
———————————————————
+ Created at: 23:10:53 15-11-2006
+ Scan result:
C:\Program Files\SoftwareDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\BugDoctor.ico -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-09-13_00-14-11.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-09-19_00-41-19.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-11-11_21-02-17.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-11-12_12-11-57.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-11-12_21-03-47.reg -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Program Files\SoftwareDoctor\ErrorDoctor\ignore.lst -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74DE36A-B95C-49A1-8F41-A09F3D187747} -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SoftwareDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SoftwareDoctor\ErrorDoctor -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SoftwareDoctor\ErrorDoctor\1.3 -> Adware.SoftwareDoctor : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Eigenaar\Cookies\hp_eigenaar@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\HP_Eigenaar\Cookies\hp_eigenaar@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Avg heeft dus wel het scanprogje van errordoctor onbruikbaar gemaakt
en wordt als adware beschouwt :-?
is dit een schadelijk progje dan,heb er nooit problemen mee gehad.
maar verder zijn de problemen nog niet opgelost. - Ik moet zeggen dat ik het hele progje niet ken, ik ga dat eens opzoeken, maar avg heeft niet de neiging om goeie dingen te verwijderen. Je hoort van me.
Juisterr - Symantec vind het adware en spyware en dus rommel. Volgens mij mag het gewoon weg.
en als je googled naar softwaredoctor kom je vanzelf dit tegen
http://www.bleepingcomputer.com/startups/AgentSpyware-15569.html
en dan weet ik zeker dat hij weg mag, dus je mag nogmaals scannen en dan alles verwijderen wat het vind.
Plaats daarna een nieuw logje aub
Juisterr - bedankt voor de info,maar errordoctor staat al in quarantine
moet ik die definetief verwijderen dan?
ik ben nu aan het scannen maar die duurt bijna 2 uur dus het logje volgt wat later - het nieuwe logje AVG
———————————————————
AVG Anti-Spyware - Scan Report
———————————————————
+ Created at: 22:54:35 16-11-2006
+ Scan result:
C:\Documents and Settings\HP_Eigenaar\Cookies\hp_eigenaar@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
::Report end - dat is alvast mooi, hoe is het met de problemen nu?
- nee het probleem is er niet mee verholpen :-?
- Hmmm
Download sophos-anti-rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Plaatst het op je bureaublad.
Dubbelklik op sarsfx.exe om de bestanden uit te pakken. (aanvaard de standaardinstallatiemap)
Open de map C:\SOPHTEMP en dubbelklik op sargui.exe om het programma te starten.
Zorg dat aangevinkt zijn:
- Running processes
- Windows Registry
- Local Hard Drives
Klik op de knop "Start Scan".
Wanneer je een melding krijgt dat de scan klaar is, klik je op de knop "OK" en sluit je het programma af.
Ga naar Start - Uitvoeren en tik in: [b:b010a614c5]%temp%\sarscan.log[/b:b010a614c5]
Er opent een kladblokbestandje. Post de inhoud van dit bestand.
bvd
Juisterr - Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 19-11-2006 at 23:24:29
Warning: Failed to flush drive \\.\C:. Registry scan may produce
invalid results.
Het proces heeft geen toegang tot het bestand omdat
het bestand door een ander proces wordt gebruikt.
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40
Stopped logging on 19-11-2006 at 23:29:46
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.