Question & Answer
[HijackThis log] Who wants to take a quick look at this?
14 replies
- Thanks again for the effort :wink: (I can't say it enough :lol: )
I've activated TeaTimer and it works fine
Regards
Kristof - This log:
Logfile of HijackThis v1.99.1
Scan saved at 7:47:24, on 7/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Danny\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\jspbderl.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServOMatic: sever - Unknown owner - C:\Program Files\Kwakkelflap\Service\ServOM.exe
—————
Symptoms: responds slowly/freezes/…
no excessive CPU usage or memory filling up…
(PS: I'm running a BF1942 LAN server in the background; that is not what's causing the problems)
Kind regards & thanks!
//edit: avast keeps finding a trojan (and can remove it, but it keeps coming back…)
I'm not sure whether all the problems are caused by a virus/trojan/…, but without a virus-free Windows install I can't properly check the HD (which I suspect has errors) - Go to this website: http://www.virustotal.com/en/indexf.html
Have the following file scanned: C:\WINDOWS\system32\jspbderl.dll
Post the result of the scan. - For the past two hours I've been getting this at startup:
- cannot find jspbderl.dll ……..
Maybe avast removed it?
Is it solved? (should I post a new log?)
A small new problem: I get (with Firefox!!) here (on this forum) a popup from WinAntiVirus (or something), but that should be fixable with spyware search & destroy
//edit: What should I do about the 'file' still being in the HJT list? Just remove it?
Regards & thanks for the help - Close all open windows, run HijackThis again and put a checkmark next to the following items:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\jspbderl.dll",setvm
Then click "Fix checked" and close HijackThis.
I think you're getting those popups because there is still an active infection.
Download reglooks.exe
Put it on your desktop.
Double-click reglooks.exe and wait until a logfile opens. Post the contents of this logfile. - the logfile:
REGLOOKS logfile
version 0.940
do 08/03/2007 18:47:27,57
running from: "C:\Documents and Settings\Danny\Bureaublad"
— SSODL regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll"
— STS regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found
— USERINIT regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
— SHELL regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"
— SYSTEM regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""
— APPINIT_DLLS regkey —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""
— NOTIFY regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"jkhfe" "DllName"="C:\\WINDOWS\\system32\\jkhfe.dll"
"mljkkhi" "DllName"="mljkkhi.dll"
— RUN / LOAD regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"load"=""
— BOOTEXECUTE regkey —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0\0
— SHELLEXECUTEHOOKS regkey —
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
— AUTORUN regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
"AutoRun"=""
— HKLM\Run regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
"SMSERIAL"="sm56hlpr.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\ynaucuoi.dll\",setvm"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
— HKLM\RunOnce regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found
— HKLM\RunOnceEx regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found
— HKLM\RunServices regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
— HKLM\RunServicesOnce regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
— HKCU\Run regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
— HKCU\RunOnce regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found
— HKCU\RunOnceEx regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
regkey does not exist
— HKCU\RunServices regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
— HKCU\RunServicesOnce regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
— HKLM\Explorer\Run regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
— HKCU\Explorer\Run regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
— Image File Execution regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found
— BROWSER HELPER OBJECTS regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
"{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
"{B02D75C2-54E7-4F2C-B428-717ED638728D}" FILE ="C:\\WINDOWS\\system32\\jkhfe.dll"
"{C47A9554-195A-4769-9B13-04F15B450A39}" FILE ="C:\\WINDOWS\\system32\\mljkkhi.dll"
"{D38439EC-4A7F-42b4-90C2-D810D7778FDD}" FILE ="C:\\WINDOWS\\system32\\cvkmabmv.dll"
— TOOLBAR regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
regkey does not exist
— URLSEARCHHOOKS regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found
— SRCEENSAVER regkey —
HKEY_CURRENT_USER\Control Panel\Desktop
"SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\logon.scr"
— CONTEXTMENUHANDLERS regkeys —
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
— SAFEBOOT MINIMAL SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found
— SAFEBOOT NETWORK SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
no unknown services found
— SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aavmker4
"DisplayName"="avast! Asynchronous Virus Monitor"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP
"DisplayName"="AEGIS Protocol (IEEE 802.1x) v3.4.10.0"
system32\DRIVERS\AegisP.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2
"DisplayName"="avast! Standard Shield Support"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr
"DisplayName"="aswRdr"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTdi
"DisplayName"="avast! Network Shield Support"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswUpdSv
"DisplayName"="avast! iAVS4 Control Service"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATITool
"DisplayName"="ATITool Overclocking Utility"
system32\DRIVERS\ATITool.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus
"DisplayName"="avast! Antivirus"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner
"DisplayName"="avast! Mail Scanner"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner
"DisplayName"="avast! Web Scanner"
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EU3_USB
"DisplayName"="WLAN miniUSB Adapter Driver"
system32\DRIVERS\EU3USB.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng
"DisplayName"="Intel(R) PROSet/Wireless Event Log"
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hamachi
"DisplayName"="Hamachi Network Interface"
system32\DRIVERS\hamachi.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus
"DisplayName"="Microsoft UAA-busstuurprogramma voor High Definition Audio"
system32\DRIVERS\HDAudBus.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
"DisplayName"="Microsoft HID Class-stuurprogramma"
system32\DRIVERS\hidusb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService
"DisplayName"="Service for Realtek HD Audio (WDM)"
system32\drivers\RtkHDAud.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm
"DisplayName"="Intel GV3-processorstuurprogramma"
system32\DRIVERS\intelppm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
"DisplayName"="Stuurprogramma voor muis-HID"
system32\DRIVERS\mouhid.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTsensor
"DisplayName"="ATK0100 ACPI UTILITY"
system32\DRIVERS\ATKACPI.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
"DisplayName"="Intel(R) PROSet/Wireless Registry Service"
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
"DisplayName"="Remote Registry"
%SystemRoot%\system32\svchost.exe -k LocalService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rimsptsk
system32\DRIVERS\rimsptsk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk
system32\DRIVERS\risdptsk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor
"DisplayName"="Intel(R) PROSet/Wireless Service"
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans
"DisplayName"="WLAN-transport"
system32\DRIVERS\s24trans.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServOMatic: sever
"DisplayName"="ServOMatic: sever"
C:\Program Files\Kwakkelflap\Service\ServOM.exe 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smserial
system32\DRIVERS\smserial.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
"DisplayName"="Stuurprogramma voor USB-scanner"
system32\DRIVERS\usbscan.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VirtualFD
"DisplayName"="VirtualFD"
\??\C:\Documents and Settings\Danny\Bureaublad\vfd21-050404\vfd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51
"DisplayName"="Intel(R) PRO/Wireless 3945ABG Adapter Driver"
system32\DRIVERS\w39n51.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
"DisplayName"="Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation"
%SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0F7EE690-C183-413C-9664-B84C4B1F2F31}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{95181120-3C53-46CB-8019-30C46764C902}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BD4D9A52-26B1-4669-8223-8CA4FE0BAB1C}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}
no imagepath value found
— SECURITYPROVIDERS regkey —
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
— SVCHOST regkey —
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
HTTPFilter: HTTPFilter\0\0
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
Usnsvc: usnsvc\0\0
— STARTUP FOLDERS —
C:\Documents and Settings\Danny\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
— TASK SCHEDULER JOBS —
no .job files found
— File associations —
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1"
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
FINISHED
——————————————————————————
Hopefully you'll find the problem
Regards
Kristof - Download VundoFix.exe and put it on your desktop.
Double-click VundoFix.exe to start the program.
Click the "Scan for Vundo" button.
When the scan is finished, click the "Remove Vundo" button.
You will be asked whether you want to remove the files. Click "YES".
After you click "YES", the icons on your desktop will disappear.
You'll get a message that your PC will shut down. Click "OK".
Restart your PC.
Post the contents of C:\vundofix.txt.
Make a new HijackThis log and post it too.
Make a new log with reglooks and post that as well. - M@rc wrote:
> …………
> After you click "YES", the icons on your desktop will disappear.
> ……….
> Post the contents of C:\vundofix.txt.
> Make a new HijackThis log and post it too.
> Make a new log with reglooks and post that as well.
Which icons were supposed to disappear from the desktop? (I didn't really look :oops: )
vundofix.txt:
VundoFix V6.3.15
Checking Java version…
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 11:12:39 10/03/2007
Listing files found while scanning….
C:\WINDOWS\system32\cvkmabmv.dll
C:\WINDOWS\system32\dwvmvydw.dll
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\mljkkhi.dll
C:\WINDOWS\system32\novqascw.dll
C:\WINDOWS\system32\vhhhwxip.dll
Beginning removal…
Attempting to delete C:\WINDOWS\system32\cvkmabmv.dll
C:\WINDOWS\system32\cvkmabmv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dwvmvydw.dll
C:\WINDOWS\system32\dwvmvydw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljkkhi.dll
C:\WINDOWS\system32\mljkkhi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vhhhwxip.dll
C:\WINDOWS\system32\vhhhwxip.dll Has been deleted!
Performing Repairs to the registry.
Done!
——————————————————————————
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:21:10, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Danny\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {CC35C10F-0271-4BF8-839C-7B55B6146592} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ynaucuoi.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServOMatic: sever - Unknown owner - C:\Program Files\Kwakkelflap\Service\ServOM.exe
———————————————————————————-
RegLooks log:
REGLOOKS logfile
version 0.940
za 10/03/2007 11:21:41,64
running from: "C:\Documents and Settings\Danny\Bureaublad"
— SSODL regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll"
— STS regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found
— USERINIT regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
— SHELL regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"
— SYSTEM regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""
— APPINIT_DLLS regkey —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""
— NOTIFY regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
only standard or legit regkeys found
— RUN / LOAD regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"load"=""
— BOOTEXECUTE regkey —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0\0
— SHELLEXECUTEHOOKS regkey —
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
— AUTORUN regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
"AutoRun"=""
— HKLM\Run regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
"SMSERIAL"="sm56hlpr.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\ynaucuoi.dll\",setvm"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
— HKLM\RunOnce regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found
— HKLM\RunOnceEx regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found
— HKLM\RunServices regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
— HKLM\RunServicesOnce regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
— HKCU\Run regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
— HKCU\RunOnce regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found
— HKCU\RunOnceEx regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
regkey does not exist
— HKCU\RunServices regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
— HKCU\RunServicesOnce regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
— HKLM\Explorer\Run regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
— HKCU\Explorer\Run regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
— Image File Execution regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found
— BROWSER HELPER OBJECTS regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
"{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
"{CC35C10F-0271-4BF8-839C-7B55B6146592}" FILE ="C:\\WINDOWS\\system32\\jkhfe.dll"
— TOOLBAR regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
regkey does not exist
— URLSEARCHHOOKS regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found
— SRCEENSAVER regkey —
HKEY_CURRENT_USER\Control Panel\Desktop
"SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\logon.scr"
— CONTEXTMENUHANDLERS regkeys —
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
— SAFEBOOT MINIMAL SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found
— SAFEBOOT NETWORK SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
no unknown services found
— SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aavmker4
"DisplayName"="avast! Asynchronous Virus Monitor"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP
"DisplayName"="AEGIS Protocol (IEEE 802.1x) v3.4.10.0"
system32\DRIVERS\AegisP.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2
"DisplayName"="avast! Standard Shield Support"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr
"DisplayName"="aswRdr"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTdi
"DisplayName"="avast! Network Shield Support"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswUpdSv
"DisplayName"="avast! iAVS4 Control Service"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATITool
"DisplayName"="ATITool Overclocking Utility"
system32\DRIVERS\ATITool.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus
"DisplayName"="avast! Antivirus"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner
"DisplayName"="avast! Mail Scanner"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner
"DisplayName"="avast! Web Scanner"
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EU3_USB
"DisplayName"="WLAN miniUSB Adapter Driver"
system32\DRIVERS\EU3USB.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng
"DisplayName"="Intel(R) PROSet/Wireless Event Log"
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hamachi
"DisplayName"="Hamachi Network Interface"
system32\DRIVERS\hamachi.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus
"DisplayName"="Microsoft UAA-busstuurprogramma voor High Definition Audio"
system32\DRIVERS\HDAudBus.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
"DisplayName"="Microsoft HID Class-stuurprogramma"
system32\DRIVERS\hidusb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService
"DisplayName"="Service for Realtek HD Audio (WDM)"
system32\drivers\RtkHDAud.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm
"DisplayName"="Intel GV3-processorstuurprogramma"
system32\DRIVERS\intelppm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
"DisplayName"="Stuurprogramma voor muis-HID"
system32\DRIVERS\mouhid.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTsensor
"DisplayName"="ATK0100 ACPI UTILITY"
system32\DRIVERS\ATKACPI.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
"DisplayName"="Intel(R) PROSet/Wireless Registry Service"
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
"DisplayName"="Remote Registry"
%SystemRoot%\system32\svchost.exe -k LocalService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rimsptsk
system32\DRIVERS\rimsptsk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk
system32\DRIVERS\risdptsk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor
"DisplayName"="Intel(R) PROSet/Wireless Service"
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans
"DisplayName"="WLAN-transport"
system32\DRIVERS\s24trans.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServOMatic: sever
"DisplayName"="ServOMatic: sever"
C:\Program Files\Kwakkelflap\Service\ServOM.exe 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smserial
system32\DRIVERS\smserial.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
"DisplayName"="Stuurprogramma voor USB-scanner"
system32\DRIVERS\usbscan.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VirtualFD
"DisplayName"="VirtualFD"
\??\C:\Documents and Settings\Danny\Bureaublad\vfd21-050404\vfd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51
"DisplayName"="Intel(R) PRO/Wireless 3945ABG Adapter Driver"
system32\DRIVERS\w39n51.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
"DisplayName"="Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation"
%SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0F7EE690-C183-413C-9664-B84C4B1F2F31}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{95181120-3C53-46CB-8019-30C46764C902}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BD4D9A52-26B1-4669-8223-8CA4FE0BAB1C}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}
no imagepath value found
— SECURITYPROVIDERS regkey —
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
— SVCHOST regkey —
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
HTTPFilter: HTTPFilter\0\0
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
Usnsvc: usnsvc\0\0
— STARTUP FOLDERS —
C:\Documents and Settings\Danny\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
— TASK SCHEDULER JOBS —
no .job files found
— File associations —
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1"
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
FINISHED
——————————————————————————
Just say so if I need to do anything else!!!
One more 'funny' anecdote: when VundoFix removed all the .dlls and kept a copy in the 'backup' folder, Avast antivirus suddenly did recognise the threat… :roll:
I chose 'no action' then, because I suspect that backup is safe.
The other users of the computer also told me that Avast apparently recognised the threat (in the form of that .dll, I suspect), but that it came back (or something like that) after every restart or after a while…
Thanks again for your time and effort! - Just reporting what spyware search & destroy found after the above actions:
-Curepcsolution
-Doubleclick
-Hitbox
-Mediaplex
-ReliableStats
-Smitfraud-C.Toolbar888
-Statcounter
-Winsoftware.Winantiviruspro2006
Kind regards
Kristof - Close all open windows, run HijackThis once more and put a tick next to the following items:
O2 - BHO: (no name) - {CC35C10F-0271-4BF8-839C-7B55B6146592} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ynaucuoi.dll",setvm
Then click "Fix checked" and close HijackThis.
Open a Notepad file.
Copy the code below into this Notepad file.
Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: fix.reg
Under "Save as type" select: All files (*.*).
Click the Save button.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=-
Double-click the fix.reg file and allow the changes to be added to the registry.
Make a new log with RegLooks and post it. - REGLOOKS logfile
version 0.940
za 10/03/2007 19:30:13,82
running from: "C:\Documents and Settings\Danny\Bureaublad"
— SSODL regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll"
— STS regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found
— USERINIT regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
— SHELL regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"
— SYSTEM regkey —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""
— APPINIT_DLLS regkey —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""
— NOTIFY regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
only standard or legit regkeys found
— RUN / LOAD regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"load"=""
— BOOTEXECUTE regkey —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0\0
— SHELLEXECUTEHOOKS regkey —
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
— AUTORUN regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
"AutoRun"=""
— HKLM\Run regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
"SMSERIAL"="sm56hlpr.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
— HKLM\RunOnce regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found
— HKLM\RunOnceEx regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found
— HKLM\RunServices regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
— HKLM\RunServicesOnce regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
— HKCU\Run regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
— HKCU\RunOnce regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found
— HKCU\RunOnceEx regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
regkey does not exist
— HKCU\RunServices regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
regkey does not exist
— HKCU\RunServicesOnce regkeys —
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist
— HKLM\Explorer\Run regkeys —
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
— HKCU\Explorer\Run regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist
— Image File Execution regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found
— BROWSER HELPER OBJECTS regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
— TOOLBAR regkeys —
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
regkey does not exist
— URLSEARCHHOOKS regkeys —
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found
— SRCEENSAVER regkey —
HKEY_CURRENT_USER\Control Panel\Desktop
"SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\logon.scr"
— CONTEXTMENUHANDLERS regkeys —
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
— SAFEBOOT MINIMAL SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found
— SAFEBOOT NETWORK SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
no unknown services found
— SERVICES —
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aavmker4
"DisplayName"="avast! Asynchronous Virus Monitor"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP
"DisplayName"="AEGIS Protocol (IEEE 802.1x) v3.4.10.0"
system32\DRIVERS\AegisP.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2
"DisplayName"="avast! Standard Shield Support"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr
"DisplayName"="aswRdr"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTdi
"DisplayName"="avast! Network Shield Support"
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswUpdSv
"DisplayName"="avast! iAVS4 Control Service"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATITool
"DisplayName"="ATITool Overclocking Utility"
system32\DRIVERS\ATITool.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus
"DisplayName"="avast! Antivirus"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner
"DisplayName"="avast! Mail Scanner"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner
"DisplayName"="avast! Web Scanner"
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EU3_USB
"DisplayName"="WLAN miniUSB Adapter Driver"
system32\DRIVERS\EU3USB.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng
"DisplayName"="Intel(R) PROSet/Wireless Event Log"
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hamachi
"DisplayName"="Hamachi Network Interface"
system32\DRIVERS\hamachi.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus
"DisplayName"="Microsoft UAA-busstuurprogramma voor High Definition Audio"
system32\DRIVERS\HDAudBus.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
"DisplayName"="Microsoft HID Class-stuurprogramma"
system32\DRIVERS\hidusb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService
"DisplayName"="Service for Realtek HD Audio (WDM)"
system32\drivers\RtkHDAud.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm
"DisplayName"="Intel GV3-processorstuurprogramma"
system32\DRIVERS\intelppm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
"DisplayName"="Stuurprogramma voor muis-HID"
system32\DRIVERS\mouhid.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTsensor
"DisplayName"="ATK0100 ACPI UTILITY"
system32\DRIVERS\ATKACPI.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
"DisplayName"="Intel(R) PROSet/Wireless Registry Service"
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
"DisplayName"="Remote Registry"
%SystemRoot%\system32\svchost.exe -k LocalService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rimsptsk
system32\DRIVERS\rimsptsk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk
system32\DRIVERS\risdptsk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor
"DisplayName"="Intel(R) PROSet/Wireless Service"
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans
"DisplayName"="WLAN-transport"
system32\DRIVERS\s24trans.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServOMatic: sever
"DisplayName"="ServOMatic: sever"
C:\Program Files\Kwakkelflap\Service\ServOM.exe 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smserial
system32\DRIVERS\smserial.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
"DisplayName"="Stuurprogramma voor USB-scanner"
system32\DRIVERS\usbscan.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VirtualFD
"DisplayName"="VirtualFD"
\??\C:\Documents and Settings\Danny\Bureaublad\vfd21-050404\vfd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51
"DisplayName"="Intel(R) PRO/Wireless 3945ABG Adapter Driver"
system32\DRIVERS\w39n51.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
"DisplayName"="Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation"
%SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0F7EE690-C183-413C-9664-B84C4B1F2F31}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{95181120-3C53-46CB-8019-30C46764C902}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BD4D9A52-26B1-4669-8223-8CA4FE0BAB1C}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}
no imagepath value found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}
no imagepath value found
— SECURITYPROVIDERS regkey —
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
— SVCHOST regkey —
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
HTTPFilter: HTTPFilter\0\0
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
Usnsvc: usnsvc\0\0
— STARTUP FOLDERS —
C:\Documents and Settings\Danny\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
— TASK SCHEDULER JOBS —
no .job files found
— File associations —
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1"
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
FINISHED
Kind regards
Kristof - Looks good again, Kristof.
Are there still any problems? - No, not anymore, I think!
Many thanks for the effort; without help it certainly wouldn't have worked out!
But how can I best avoid these situations?
On the computers I always use:
-avast antivirus home edition
-spyware search & destroy
But the other family members prefer Internet Explorer over Firefox… Is that a wrong choice? On my own PC with Firefox I rarely if ever have such problems!
Thanks again!!! - Firefox is less susceptible to infections than IE.
If you use Spybot Search & Destroy you should definitely also enable TeaTimer. TeaTimer notifies you when certain registry keys, which can be abused by malware among other things, are changed.
Beyond that, watch where you surf and what you download, and always work with up-to-date anti-malware tools.
Also make sure your Windows is always up to date.
You'll find more prevention tips here.
Happy surfing again Kristof. :wink:
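The helper's fix above (the HijackThis items, the fix.reg that deletes the ShellExecuteHooks value, and a fresh RegLooks log afterwards) and the TeaTimer advice both come down to the same check: compare the autostart locations before and after a change. The script below is an added example for this thread, not code from RegLooks, HijackThis or Spybot; it parses two RegLooks logs and reports what disappeared or appeared in the registry locations malware abuses. The section names in WATCHED_SECTIONS are taken from the RegLooks 0.940 output in this thread (it is an assumption that other versions spell them the same), and BEFORE_LOG / AFTER_LOG are constructed excerpts of the two logs posted above.

```python
"""Diff two RegLooks logs and report changes in the autostart locations.

Added example for this thread, not code from RegLooks, HijackThis or Spybot.
BEFORE_LOG / AFTER_LOG are constructed excerpts of the two logs posted above.
"""
import re
from typing import Dict, List, Set

# Autostart locations malware commonly abuses, i.e. the kind of registry keys
# TeaTimer warns about when they change. Names are the section headings as
# RegLooks 0.940 prints them in the logs above (assumption: that spelling).
WATCHED_SECTIONS = {
    "USERINIT regkey", "SHELL regkey", "APPINIT_DLLS regkey", "NOTIFY regkeys",
    "SHELLEXECUTEHOOKS regkey", r"HKLM\Run regkeys", r"HKCU\Run regkeys",
    "BROWSER HELPER OBJECTS regkeys", "SERVICES",
}

# RegLooks writes headings as "— NAME —"; plain dashes are accepted as well.
SECTION_RE = re.compile(r"^[—-]+\s*(.*?)\s*[—-]+$")


def parse_reglooks(text: str) -> Dict[str, Set[str]]:
    """Map each section heading to the set of lines printed under it.

    Path lines and "regkey does not exist" lines are kept as entries too,
    so a key that disappears or appears as a whole is reported as well.
    """
    sections: Dict[str, Set[str]] = {"HEADER": set()}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "FINISHED":  # RegLooks' end-of-log marker
            break
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, set())
        else:
            sections[current].add(line)
    return sections


def diff_logs(before: str, after: str,
              only_watched: bool = True) -> Dict[str, Dict[str, List[str]]]:
    """Per section: entries only in `before` (removed) or only in `after`
    (added). Unchanged sections are left out of the report."""
    old, new = parse_reglooks(before), parse_reglooks(after)
    report: Dict[str, Dict[str, List[str]]] = {}
    for section in sorted(set(old) | set(new)):
        if only_watched and section not in WATCHED_SECTIONS:
            continue
        removed = sorted(old.get(section, set()) - new.get(section, set()))
        added = sorted(new.get(section, set()) - old.get(section, set()))
        if removed or added:
            report[section] = {"removed": removed, "added": added}
    return report


def format_report(report: Dict[str, Dict[str, List[str]]]) -> str:
    """Render the diff: '-' marks entries that are gone, '+' new ones."""
    if not report:
        return "no changes in watched autostart locations"
    out = []
    for section, changes in report.items():
        out.append(f"[{section}]")
        out.extend(f"  - {e}" for e in changes["removed"])
        out.extend(f"  + {e}" for e in changes["added"])
    return "\n".join(out)


# Constructed excerpts of the RegLooks logs from the thread (before / after).
BEFORE_LOG = r"""REGLOOKS logfile
— SHELLEXECUTEHOOKS regkey —
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
— HKLM\Run regkeys —
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\ynaucuoi.dll\",setvm"
— BROWSER HELPER OBJECTS regkeys —
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
"{CC35C10F-0271-4BF8-839C-7B55B6146592}" FILE ="C:\\WINDOWS\\system32\\jkhfe.dll"
FINISHED
"""

AFTER_LOG = r"""REGLOOKS logfile
— SHELLEXECUTEHOOKS regkey —
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
— HKLM\Run regkeys —
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
— BROWSER HELPER OBJECTS regkeys —
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
FINISHED
"""

if __name__ == "__main__":
    print(format_report(diff_logs(BEFORE_LOG, AFTER_LOG)))
```

Run against the two sample logs it lists exactly the three entries the helper had removed: the {C47A9554-...} ShellExecuteHooks value, the "2chkdsk" rundll32 entry under HKLM\Run and the jkhfe.dll BHO. The same diff run the other way round (old log as `after`) shows those entries as added, which is the situation TeaTimer's prompt is meant to catch while it happens rather than afterwards.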