Vraag & Antwoord
virus scanner checkt mail terwijl er niks gestuurd wordt.
22 antwoorden
- hallow
ik gebruik avg virus scan. nu krijg ik af en toe een melding dat hij pop3 aan het checken is. terwijl ik helemaal geen email ontvang of verzend. ben ook niks aan het doen met email programma's of wat dan ook. ook is er niemand anders op het netwerk emails aan het verzenden. iemand enige idee wat dat is, en hoe ik dit kan oplossen??
mvg - Kan je een hijackthislog maken en deze posten?
- hierbij een hijackthislog. Zoals gevraagd
zou iemand hier eens naar kunnen kijken.
alvast bedankt
note. Ik heb deze log niet gemaakt tijdens dat me virus scanner de pop3 checkte. Ik heb er op zitten w88 maar hij deed het nu niet. (zal je altijd zien)
maar als er een virus of andere gekkigheid op zit zou je dat hieruit toch ook moeten zien.
Logfile of HijackThis v1.99.1
Scan saved at 23:08:27, on 22-11-2006
Platform: Windows XP
(MSIE: Internet Explorer v6.00
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MMTrayLSI] C:\WINDOWS\System32\MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] C:\WINDOWS\System32\MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] C:\WINDOWS\System32\MMTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{128FC9C4-8641-4399-8500-C4D840F22524}: NameServer = 194.134.5.5,194.134.0.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{128FC9C4-8641-4399-8500-C4D840F22524}: NameServer = 194.134.5.5,194.134.0.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{128FC9C4-8641-4399-8500-C4D840F22524}: NameServer = 194.134.5.5,194.134.0.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe - Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een Y in om het cleaningsprocess te starten.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt). - oke ik heb combofix.exe gedownload en gedraaid. moet ik deze logfile ook posten??
- [quote:5038b17ba4="hello"]oke ik heb combofix.exe gedownload en gedraaid. moet ik deze logfile ook posten??[/quote:5038b17ba4]ik kan je even pesten hiermee
maar je moet het inderdaad in een volgend antwoord posten - Bij deze
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Tonie\Bureaublad"
((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))
2006-11-22 22:47 <DIR> d——– C:\Program Files\HijackThis
2006-11-22 20:21 <DIR> dr-h—– C:\Documents and Settings\Tonie\Onlangs geopend
2006-11-18 22:47 <DIR> d–h—– C:\WINDOWS\PIF
2006-11-10 23:58 <DIR> d——– C:\WINDOWS\pss
2006-11-04 23:40 <DIR> d——– C:\Documents and Settings\Tonie\Application Data\Real
2006-11-04 16:51 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Ubisoft
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-22 23:19 ——– d——– C:\Documents and Settings\Tonie\Application Data\Azureus
2006-11-12 21:38 ——– d——– C:\Program Files\eMule
2006-11-10 22:53 ——– d——– C:\Documents and Settings\Tonie\Application Data\Skype
2006-10-26 23:14 ——– d——– C:\Program Files\ACE Mega CoDecS Pack
2006-10-20 16:53 ——– d——– C:\Program Files\Vstep
2006-10-20 16:48 ——– d——– C:\Program Files\Alcohol Soft
2006-10-18 13:13 77824 –a—— C:\WINDOWS\system32\qttask.exe
2006-10-15 21:39 ——– d—s—- C:\Documents and Settings\Tonie\Application Data\Microsoft
2006-10-15 15:20 ——– d——– C:\Documents and Settings\Tonie\Application Data\DivX
2006-10-15 14:45 ——– d——– C:\Program Files\DivX
2006-10-15 14:42 15926792 –a—— C:\DivXInstaller.exe
2006-10-15 13:18 304431616 –a—— C:\UT2004-Demo3334.exe
2006-10-03 10:09 778656 –a—— C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-03 10:09 27904 –a—— C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-02 20:04 806912 –a—— C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 –a—— C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 –a—— C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 –a—— C:\WINDOWS\system32\DivX.dll
2006-10-01 12:15 ——– d——– C:\Documents and Settings\Tonie\Application Data\AVG7
2006-10-01 12:11 4992 –a—— C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-01 12:11 4288 –a—— C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-01 12:10 499712 –a—— C:\WINDOWS\system32\msvcp71.dll
2006-10-01 12:10 348160 –a—— C:\WINDOWS\system32\msvcr71.dll
2006-10-01 12:10 ——– d——– C:\Program Files\Grisoft
2006-09-22 18:12 17144 –a—— C:\Documents and Settings\Tonie\Application Data\GDIPFONTCACHEV1.DAT
2006-09-07 17:04 62 –ahs—- C:\Documents and Settings\Tonie\Application Data\desktop.ini
2006-09-07 15:19 0 -rahs—- C:\MSDOS.SYS
2006-09-07 15:19 0 -rahs—- C:\IO.SYS
2006-09-07 15:19 0 –a—— C:\CONFIG.SYS
2006-09-07 15:19 0 –a—— C:\AUTOEXEC.BAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"C-Media Mixer"="Mixer.exe /startup"
"STOPzilla"="C:\\Program Files\\STOPzilla!\\STOPzilla.exe /autostart"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"MMTrayLSI"="C:\\WINDOWS\\System32\\MMTrayLSI.exe"
"MMTray2K"="C:\\WINDOWS\\System32\\MMTray2k.exe"
"MMTray"="C:\\WINDOWS\\System32\\MMTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\BTTray.lnk"
"backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Sitecom\\BLUETO~1\\BTTray.exe "
"item"="BTTray"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Program Files\\Valve\\Steam\\Steam.exe -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-23 10:13:21.17
C:\ComboFix.txt … 06-11-23 10:13 - Download Sophos-anti-rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Plaatst het op je bureaublad.
Dubbelklik op sarsfx.exe om de bestanden uit te pakken. (aanvaard de standaardinstallatiemap)
Open de map C:\SOPHTEMP en dubbelklik op sargui.exe om het programma te starten.
Zorg dat aangevinkt zijn:
- Running processes
- Windows Registry
- Local Hard Drives
Klik op de knop "Start Scan".
Wanneer je een melding krijgt dat de scan klaar is, klik je op de knop "OK" en sluit je het programma af.
Ga naar Start - Uitvoeren en tik in: [b:03accdc540]%temp%\sarscan.log[/b:03accdc540]
Er opent een kladblokbestandje. Post de inhoud van dit bestand. - de log van Sophos
Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 23-11-2006 at 19:39:51
Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 23-11-2006 at 19:44:14
Stopped logging on 23-11-2006 at 19:44:20
Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 23-11-2006 at 19:45:03
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Tag
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Group
Stopped logging on 23-11-2006 at 19:47:27 - Ik was je topic helemaal uit het oog verloren.
Probleem is er nog steeds?
Maak een nieuwe hijackthislog. - oke kan gebeuren bedankt dat je er nog op terug komt
hier een nieuwe log
Logfile of HijackThis v1.99.1
Scan saved at 19:09:05, on 1-12-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MMTrayLSI] C:\WINDOWS\System32\MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] C:\WINDOWS\System32\MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] C:\WINDOWS\System32\MMTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{128FC9C4-8641-4399-8500-C4D840F22524}: NameServer = 194.134.5.5,194.134.0.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{128FC9C4-8641-4399-8500-C4D840F22524}: NameServer = 194.134.5.5,194.134.0.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{128FC9C4-8641-4399-8500-C4D840F22524}: NameServer = 194.134.5.5,194.134.0.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe - heb ook gelijk een combofix log gemaakt aangezien je de vorige keer daar ook om vroeg
ComboFix 06.11.22 - Running from: "C:\Tonie netwerk\shit dat moet blijven op deze pc\proggie's en drivers"
((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))
2006-11-24 23:59 <DIR> d——– C:\Program Files\mosw.com
2006-11-24 14:51 <DIR> dr-h—– C:\Documents and Settings\Tonie\Onlangs geopend
2006-11-23 19:42 <DIR> d——– C:\WINDOWS\Minidump
2006-11-23 19:39 <DIR> d——– C:\SOPHTEMP
2006-11-22 22:47 <DIR> d——– C:\Program Files\HijackThis
2006-11-18 22:47 <DIR> d–h—– C:\WINDOWS\PIF
2006-11-10 23:58 <DIR> d——– C:\WINDOWS\pss
2006-11-04 23:40 <DIR> d——– C:\Documents and Settings\Tonie\Application Data\Real
2006-11-04 16:51 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Ubisoft
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-01 19:12 ——– d——– C:\Documents and Settings\Tonie\Application Data\Azureus
2006-11-29 16:13 ——– d——– C:\Program Files\eMule
2006-11-10 22:53 ——– d——– C:\Documents and Settings\Tonie\Application Data\Skype
2006-10-26 23:14 ——– d——– C:\Program Files\ACE Mega CoDecS Pack
2006-10-20 16:53 ——– d——– C:\Program Files\Vstep
2006-10-20 16:48 ——– d——– C:\Program Files\Alcohol Soft
2006-10-18 13:13 77824 –a—— C:\WINDOWS\system32\qttask.exe
2006-10-15 21:39 ——– d—s—- C:\Documents and Settings\Tonie\Application Data\Microsoft
2006-10-15 15:20 ——– d——– C:\Documents and Settings\Tonie\Application Data\DivX
2006-10-15 14:45 ——– d——– C:\Program Files\DivX
2006-10-15 14:42 15926792 –a—— C:\DivXInstaller.exe
2006-10-15 13:18 304431616 –a—— C:\UT2004-Demo3334.exe
2006-10-03 10:09 778656 –a—— C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-03 10:09 27904 –a—— C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-02 20:04 806912 –a—— C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 –a—— C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 –a—— C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 –a—— C:\WINDOWS\system32\DivX.dll
2006-10-01 12:15 ——– d——– C:\Documents and Settings\Tonie\Application Data\AVG7
2006-10-01 12:11 4992 –a—— C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-01 12:11 4288 –a—— C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-01 12:10 499712 –a—— C:\WINDOWS\system32\msvcp71.dll
2006-10-01 12:10 348160 –a—— C:\WINDOWS\system32\msvcr71.dll
2006-10-01 12:10 ——– d——– C:\Program Files\Grisoft
2006-09-22 18:12 17144 –a—— C:\Documents and Settings\Tonie\Application Data\GDIPFONTCACHEV1.DAT
2006-09-07 17:04 62 –ahs—- C:\Documents and Settings\Tonie\Application Data\desktop.ini
2006-09-07 15:19 0 -rahs—- C:\MSDOS.SYS
2006-09-07 15:19 0 -rahs—- C:\IO.SYS
2006-09-07 15:19 0 –a—— C:\CONFIG.SYS
2006-09-07 15:19 0 –a—— C:\AUTOEXEC.BAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"C-Media Mixer"="Mixer.exe /startup"
"STOPzilla"="C:\\Program Files\\STOPzilla!\\STOPzilla.exe /autostart"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"MMTrayLSI"="C:\\WINDOWS\\System32\\MMTrayLSI.exe"
"MMTray2K"="C:\\WINDOWS\\System32\\MMTray2k.exe"
"MMTray"="C:\\WINDOWS\\System32\\MMTray.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\BTTray.lnk"
"backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Sitecom\\BLUETO~1\\BTTray.exe "
"item"="BTTray"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Program Files\\Valve\\Steam\\Steam.exe -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-12-01 19:13:22.13
C:\ComboFix.txt … 06-12-01 19:13
C:\ComboFix2.txt … 06-11-23 10:13 - heb ook effe die spos anti-rook kit gedraaid. maar daar kan ie niks meer vinden.
of het probleem er nog steeds is durft ik niet te zeggen want hij doet het maar af en toe, maar misschien dat je aan de hand hiervan kan een goede indicatie kan geven of er nog een of ander vaag ding op me pc zit.
alvast bedankt - De logjes zien er goed uit.
Download Dr. Web CureIt.
Plaats het op je bureaublad.
[list:27e9a61906]
[*:27e9a61906]Dubbelklik op [b:27e9a61906]drweb-cureit.exe[/b:27e9a61906] en sta het programma toe om de express scan te starten. Dit is slechts een korte scan die de bestanden scant die momenteel in het geheugen geladen zijn. Wanneer er iets gevonden wordt zal de vraag gesteld worden 'cure it?'. Klik dan op de knop 'Yes to all'.
[*:27e9a61906]Klik op de knop 'Select drives' en zorg dat alle drives geselecteerd zijn om te laten scannen. De drives die gescand gaan worden zijn voorzien van een rood bolletje.
[*:27e9a61906]Klik aan de rechterkant op de grote knop met de groene pijl om de scan te starten.
[*:27e9a61906]Wanneer een geïnfecteerd bestand gevonden wordt, wordt of de vraag gesteld 'Cure It?' of 'Move?'. Klik in beide gevalle dan op de knop 'Yes to all'.
[*:27e9a61906]Wanneer de scan klaar is, kijk je of je het volgende icoontje kan aanklikken Dit staat naast in de onderste helft van programmavenster, links van lijstje (venster) met de geïnfecteerde bestanden. [img:27e9a61906]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:27e9a61906]
[*:27e9a61906]Indien je dit kan aanklikken, klik je erop, en daarna klik je op het icoontje er net onder en kies je [b:27e9a61906]Move incurable[/b:27e9a61906].
[img:27e9a61906]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:27e9a61906]
Dit zal de bestanden verplaatsen naar de map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden.
[*:27e9a61906]Kies in het menu File van Dr. Web CureIt voor 'Save Report List' en sla het logje op, op je bureaublad.
[*:27e9a61906]Sluit het programma Dr. Web CureIt af.
[*:27e9a61906]Herstart de computer en post het logje.
[/list:u:27e9a61906] - heb drweb cureIt gedraaid.
hij vond 2 dingen
klein detail:
-Wanneer een geïnfecteerd bestand gevonden wordt, wordt of de vraag gesteld 'Cure It?' of 'Move?'. Klik in beide gevalle dan op de knop 'Yes to all'.
deze vraag heeft hij nooit gesteld zowel niet move of cure it.
ben gelijk naar deze stap gegaan
-Wanneer de scan klaar is, kijk je of je het volgende icoontje kan aanklikken Dit staat naast in de onderste helft van programmavenster, links van lijstje (venster) met de geïnfecteerde bestanden.
hieronder is het logje te zien
A0000034.exe C:\System Volume Information\_restore{381A2805-1CD1-4951-A16A-B6F84DC25652}\RP2 Probably BACKDOOR.Trojan Incurable.Moved.
A0000063.exe C:\System Volume Information\_restore{381A2805-1CD1-4951-A16A-B6F84DC25652}\RP2 Probably BACKDOOR.Trojan Incurable.Moved. - Beiden zitten in systeemherstelpunten.
Kijk even of het probleem nog optreedt. - Het vervelende van mijn probleem is dat het niet continue optreed, dus of het weg is weet ik niet. ik zal kijken of tijdens mijn werkzaam heden morgen op de pc, ik het probleem nog voorbij zie komen.
maar wat is het probleem dat het in systeem herstel punten zit ??
kan ik niet een of andere remove tool downloaden en ze dan verwijderen?? :oops: - Systeemherstelpunten zijn niet zo maar toegankelijk.
Als gebruiker heb je onvoldoende rechten om daar de bestanden te verwijderen.
DrWeb CureIt heeft de geïnfecteerde bestanden verwijderd uit je systeemherstelpunten. - ik heb het nog eens aangekeken. Zie het niet meer gebeuren, dus laten we maar aanemen dat het niet gebeurt. zie ook geen andere vreemde dingen meer gebeuren.
In elk geval erg bedankt voor je hulp en tijd. - ik heb het nog eens aangekeken. Zie het niet meer gebeuren, dus laten we maar aanemen dat het niet gebeurt. zie ook geen andere vreemde dingen meer gebeuren.
In elk geval erg bedankt voor je hulp en tijd.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
