Question & Answer

Security & privacy

[hijackthis log] Who wants to check this for me?

Anonymous
14 answers
  • This log:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:47:24, on 7/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Danny\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\jspbderl.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServOMatic: sever - Unknown owner - C:\Program Files\Kwakkelflap\Service\ServOM.exe

    —————

    Symptoms: responds slowly/freezes/…
    no excessive CPU usage or memory that is full…

    (ps. I'm running a BF1942 server LAN in the background; this is not what causes the problems)

    Kind regards & thanks!

    //edit: avast keeps finding a trojan (and can remove it, but it keeps coming back…)
    I'm not sure whether all the problems are caused by a virus/trojan/…, but without a virus-free Windows install I can't properly check the HD (which I suspect of having errors) :)
  • Go to this website: http://www.virustotal.com/en/indexf.html
    Have the following file scanned: C:\WINDOWS\system32\jspbderl.dll
    Post the result of the scan.
  • Since two hours ago I get this at startup:
    - cannot find jspbderl.dll ……..

    Maybe avast removed it?
    Is it solved? (should I post a new log?)

    A small new problem: I get (with Firefox!!) here (on this forum) a popup from winantivirus (or something like that), but that should be solvable with spyware search & destroy :)

    //edit: What should I do about the 'file' still being in the HJT list? Just remove it?

    Regards & thanks for the help :)
  • Close all open windows, run HijackThis once more and put a checkmark next to the following items:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\jspbderl.dll",setvm

    Then click "Fix checked" and close HijackThis.

    I think you are getting those popups because an infection is still active.
    Download reglooks.exe
    Put it on your desktop.
    Double-click reglooks.exe and wait until a logfile opens. Post the contents of this logfile.
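An added triage script, not part of this thread and not code from HijackThis, that applies the pattern the helper uses above: it parses HijackThis O4 and O2 lines, flags a rundll32 entry that loads a machine-generated-looking DLL from system32 (the "2chkdsk" entry), and compares two scans to show the same Run value re-pointed at a new DLL, which is the "keeps coming back" behaviour the poster described. The sample lines are constructed from the logs in this thread; the allowlist and the name heuristic are assumptions.

```python
"""Triage of HijackThis-style log lines (added example, not part of the thread).

Two checks modelled on this thread:
  * an O4 Run entry that starts rundll32 on a DLL in system32 whose name looks
    machine-generated, or an O2 BHO registration pointing at such a DLL;
  * the same O4 value name pointing at a different DLL in a later scan.
"""
import re

# Constructed sample lines, modelled on the two HijackThis logs in this thread.
SCAN_1 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\jspbderl.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

SCAN_2 = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {CC35C10F-0271-4BF8-839C-7B55B6146592} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ynaucuoi.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\w+)', re.IGNORECASE)

# Assumed allowlist (constructed): legitimate system32 DLLs commonly started via rundll32.
KNOWN_GOOD = {"nvcpl", "shell32", "cscui", "upnpui"}


def basename_noext(path: str) -> str:
    """'C:\\WINDOWS\\system32\\jkhfe.dll' -> 'jkhfe'."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def looks_generated(base: str) -> bool:
    """Heuristic, not a signature: 5-10 lowercase letters with no vendor prefix,
    as in jspbderl, ynaucuoi, jkhfe, mljkkhi and cvkmabmv from this thread.
    Mixed-case vendor names such as NvCpl do not match; the allowlist covers the rest."""
    return base.lower() not in KNOWN_GOOD and re.fullmatch(r"[a-z]{5,10}", base) is not None


def triage(lines):
    """Return (rule, key, detail) tuples for the suspicious O4 and O2 entries."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"])
            if r and in_system32(r["dll"]) and looks_generated(basename_noext(r["dll"])):
                findings.append(("O4-rundll32-generated-dll", m["name"], f"{r['dll']} export {r['export']}"))
            continue
        m = O2_RE.match(line)
        if m and in_system32(m["path"]) and looks_generated(basename_noext(m["path"])):
            state = "file missing, orphaned BHO registration" if m["missing"] else "file present"
            findings.append(("O2-bho-generated-dll", m["clsid"], f"{m['path']} ({state})"))
    return findings


def compare_run_entries(old_lines, new_lines):
    """O4 value names present in both scans whose command changed. The same
    persistence name re-pointed at a freshly generated DLL means the component
    was regenerated between scans, not merely left behind."""
    def entries(lines):
        return {m["name"]: m["cmd"] for m in map(O4_RE.match, lines) if m}
    old, new = entries(old_lines), entries(new_lines)
    return {n: (old[n], new[n]) for n in sorted(old.keys() & new.keys()) if old[n] != new[n]}


if __name__ == "__main__":
    for label, lines in (("scan 1", SCAN_1), ("scan 2", SCAN_2)):
        for rule, key, detail in triage(lines):
            print(f"{label}: {rule} [{key}] {detail}")
    for name, (before, after) in compare_run_entries(SCAN_1, SCAN_2).items():
        print(f"changed: [{name}]\n  before: {before}\n  after:  {after}")
```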
  • The logfile:
    REGLOOKS logfile

    version 0.940
    do 08/03/2007 18:47:27,57
    running from: "C:\Documents and Settings\Danny\Bureaublad"

    — SSODL regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll"


    — STS regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    only standard or legit regkeys found


    — USERINIT regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


    — SHELL regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Shell"="Explorer.exe"


    — SYSTEM regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "System"=""


    — APPINIT_DLLS regkey —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "AppInit_DLLs"=""


    — NOTIFY regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    "jkhfe" "DllName"="C:\\WINDOWS\\system32\\jkhfe.dll"
    "mljkkhi" "DllName"="mljkkhi.dll"


    — RUN / LOAD regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "load"=""


    — BOOTEXECUTE regkey —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute= autocheck autochk *\0\0


    — SHELLEXECUTEHOOKS regkey —

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=""


    — AUTORUN regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
    "AutoRun"=""


    — HKLM\Run regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
    "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
    "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
    "EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
    "Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
    "ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
    "ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
    "SMSERIAL"="sm56hlpr.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\ynaucuoi.dll\",setvm"
    [Run\OptionalComponents]
    [Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"
    [Run\OptionalComponents\MSFS]
    "Installed"="1"


    — HKLM\RunOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKLM RunOnce keys found


    — HKLM\RunOnceEx regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    no HKLM RunOnceEx keys found


    — HKLM\RunServices regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    regkey does not exist


    — HKLM\RunServicesOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKCU\Run regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"


    — HKCU\RunOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKCU RunOnce keys found


    — HKCU\RunOnceEx regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    regkey does not exist


    — HKCU\RunServices regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    regkey does not exist


    — HKCU\RunServicesOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKLM\Explorer\Run regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — HKCU\Explorer\Run regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — Image File Execution regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    no debuggers found


    — BROWSER HELPER OBJECTS regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
    "{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll"
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
    "{B02D75C2-54E7-4F2C-B428-717ED638728D}" FILE ="C:\\WINDOWS\\system32\\jkhfe.dll"
    "{C47A9554-195A-4769-9B13-04F15B450A39}" FILE ="C:\\WINDOWS\\system32\\mljkkhi.dll"
    "{D38439EC-4A7F-42b4-90C2-D810D7778FDD}" FILE ="C:\\WINDOWS\\system32\\cvkmabmv.dll"


    — TOOLBAR regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    regkey does not exist


    — URLSEARCHHOOKS regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    only standard regkeys found


    — SRCEENSAVER regkey —

    HKEY_CURRENT_USER\Control Panel\Desktop
    "SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\logon.scr"


    — CONTEXTMENUHANDLERS regkeys —

    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
    "avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
    "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
    "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
    "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
    "avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"


    — SAFEBOOT MINIMAL SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
    no unknown services found


    — SAFEBOOT NETWORK SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
    no unknown services found


    — SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aavmker4
    "DisplayName"="avast! Asynchronous Virus Monitor"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP
    "DisplayName"="AEGIS Protocol (IEEE 802.1x) v3.4.10.0"
    system32\DRIVERS\AegisP.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2
    "DisplayName"="avast! Standard Shield Support"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr
    "DisplayName"="aswRdr"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTdi
    "DisplayName"="avast! Network Shield Support"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswUpdSv
    "DisplayName"="avast! iAVS4 Control Service"
    "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATITool
    "DisplayName"="ATITool Overclocking Utility"
    system32\DRIVERS\ATITool.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus
    "DisplayName"="avast! Antivirus"
    "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner
    "DisplayName"="avast! Mail Scanner"
    "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner
    "DisplayName"="avast! Web Scanner"
    "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EU3_USB
    "DisplayName"="WLAN miniUSB Adapter Driver"
    system32\DRIVERS\EU3USB.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng
    "DisplayName"="Intel(R) PROSet/Wireless Event Log"
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hamachi
    "DisplayName"="Hamachi Network Interface"
    system32\DRIVERS\hamachi.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus
    "DisplayName"="Microsoft UAA-busstuurprogramma voor High Definition Audio"
    system32\DRIVERS\HDAudBus.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
    "DisplayName"="Microsoft HID Class-stuurprogramma"
    system32\DRIVERS\hidusb.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService
    "DisplayName"="Service for Realtek HD Audio (WDM)"
    system32\drivers\RtkHDAud.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm
    "DisplayName"="Intel GV3-processorstuurprogramma"
    system32\DRIVERS\intelppm.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
    "DisplayName"="Stuurprogramma voor muis-HID"
    system32\DRIVERS\mouhid.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTsensor
    "DisplayName"="ATK0100 ACPI UTILITY"
    system32\DRIVERS\ATKACPI.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
    "DisplayName"="Intel(R) PROSet/Wireless Registry Service"
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
    "DisplayName"="Remote Registry"
    %SystemRoot%\system32\svchost.exe -k LocalService

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rimsptsk
    system32\DRIVERS\rimsptsk.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk
    system32\DRIVERS\risdptsk.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor
    "DisplayName"="Intel(R) PROSet/Wireless Service"
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans
    "DisplayName"="WLAN-transport"
    system32\DRIVERS\s24trans.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServOMatic: sever
    "DisplayName"="ServOMatic: sever"
    C:\Program Files\Kwakkelflap\Service\ServOM.exe 2

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smserial
    system32\DRIVERS\smserial.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
    "DisplayName"="Stuurprogramma voor USB-scanner"
    system32\DRIVERS\usbscan.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VirtualFD
    "DisplayName"="VirtualFD"
    \??\C:\Documents and Settings\Danny\Bureaublad\vfd21-050404\vfd.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51
    "DisplayName"="Intel(R) PRO/Wireless 3945ABG Adapter Driver"
    system32\DRIVERS\w39n51.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
    "DisplayName"="Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation"
    %SystemRoot%\System32\svchost.exe -k netsvcs

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0F7EE690-C183-413C-9664-B84C4B1F2F31}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{95181120-3C53-46CB-8019-30C46764C902}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BD4D9A52-26B1-4669-8223-8CA4FE0BAB1C}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}
    no imagepath value found


    — SECURITYPROVIDERS regkey —

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    — SVCHOST regkey —

    HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
    HTTPFilter: HTTPFilter\0\0
    LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService: DnsCache\0\0
    netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
    DcomLaunch: DcomLaunch\0TermService\0\0
    rpcss: RpcSs\0\0
    imgsvc: StiSvc\0\0
    termsvcs: TermService\0\0
    Usnsvc: usnsvc\0\0


    — STARTUP FOLDERS —

    C:\Documents and Settings\Danny\Menu Start\Programma's\Opstarten\desktop.ini
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk


    — TASK SCHEDULER JOBS —

    no .job files found


    — File associations —

    .BAT files: ("%1" %*)
    .COM files: ("%1" %*)
    .EXE files: ("%1" %*)
    .HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
    .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
    .PIF files: ("%1" %*)
    .REG files: (regedit.exe "%1";)
    .SCR files: ("%1" /S)
    .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
    .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


    FINISHED
    ——————————————————————————

    Hopefully you'll find the problem :)

    Regards
    Kristof
  • Download VundoFix.exe and put it on your desktop.
    Double-click VundoFix.exe to start the program.
    Click the Scan for Vundo button.
    When the scan is finished, click the "Remove Vundo" button.
    You will be asked whether you want to delete the files. Click "YES".
    After you have clicked "YES", the icons on your desktop will disappear.
    You will get a message that your PC is going to shut down. Click "OK".
    Restart your PC.
    Post the contents of C:\vundofix.txt.
    Make a new HijackThis log and post it too.
    Make a new log with reglooks and post that as well.
  • M@rc wrote:
    …………
    After you have clicked "YES", the icons on your desktop will disappear.
    ……….
    Post the contents of C:\vundofix.txt.
    Make a new HijackThis log and post it too.
    Make a new log with reglooks and post that as well.

    Which icons were supposed to disappear from the desktop? (I didn't really look :oops: )

    vundofix.txt:
    VundoFix V6.3.15

    Checking Java version…

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 11:12:39 10/03/2007

    Listing files found while scanning….

    C:\WINDOWS\system32\cvkmabmv.dll
    C:\WINDOWS\system32\dwvmvydw.dll
    C:\WINDOWS\system32\efhkj.bak1
    C:\WINDOWS\system32\efhkj.bak2
    C:\WINDOWS\system32\efhkj.ini
    C:\WINDOWS\system32\jkhfe.dll
    C:\WINDOWS\system32\mljkkhi.dll
    C:\WINDOWS\system32\novqascw.dll
    C:\WINDOWS\system32\vhhhwxip.dll

    Beginning removal…

    Attempting to delete C:\WINDOWS\system32\cvkmabmv.dll
    C:\WINDOWS\system32\cvkmabmv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dwvmvydw.dll
    C:\WINDOWS\system32\dwvmvydw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\efhkj.bak1
    C:\WINDOWS\system32\efhkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\efhkj.bak2
    C:\WINDOWS\system32\efhkj.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\efhkj.ini
    C:\WINDOWS\system32\efhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfe.dll
    C:\WINDOWS\system32\jkhfe.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljkkhi.dll
    C:\WINDOWS\system32\mljkkhi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vhhhwxip.dll
    C:\WINDOWS\system32\vhhhwxip.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    ——————————————————————————
    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:21:10, on 10/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Danny\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {CC35C10F-0271-4BF8-839C-7B55B6146592} - C:\WINDOWS\system32\jkhfe.dll (file missing)
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ynaucuoi.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServOMatic: sever - Unknown owner - C:\Program Files\Kwakkelflap\Service\ServOM.exe

    ———————————————————————————-

    RegLooks log:
    REGLOOKS logfile

    version 0.940
    za 10/03/2007 11:21:41,64
    running from: "C:\Documents and Settings\Danny\Bureaublad"

    — SSODL regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll"


    — STS regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    only standard or legit regkeys found


    — USERINIT regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


    — SHELL regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Shell"="Explorer.exe"


    — SYSTEM regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "System"=""


    — APPINIT_DLLS regkey —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "AppInit_DLLs"=""


    — NOTIFY regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    only standard or legit regkeys found


    — RUN / LOAD regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "load"=""


    — BOOTEXECUTE regkey —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute= autocheck autochk *\0\0


    — SHELLEXECUTEHOOKS regkey —

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=""


    — AUTORUN regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
    "AutoRun"=""


    — HKLM\Run regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
    "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
    "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
    "EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
    "Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
    "ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
    "ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
    "SMSERIAL"="sm56hlpr.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\ynaucuoi.dll\",setvm"
    [Run\OptionalComponents]
    [Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"
    [Run\OptionalComponents\MSFS]
    "Installed"="1"


    — HKLM\RunOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKLM RunOnce keys found


    — HKLM\RunOnceEx regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    no HKLM RunOnceEx keys found


    — HKLM\RunServices regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    regkey does not exist


    — HKLM\RunServicesOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKCU\Run regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"


    — HKCU\RunOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKCU RunOnce keys found


    — HKCU\RunOnceEx regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    regkey does not exist


    — HKCU\RunServices regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    regkey does not exist


    — HKCU\RunServicesOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKLM\Explorer\Run regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — HKCU\Explorer\Run regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — Image File Execution regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    no debuggers found


    — BROWSER HELPER OBJECTS regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
    "{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll"
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
    "{CC35C10F-0271-4BF8-839C-7B55B6146592}" FILE ="C:\\WINDOWS\\system32\\jkhfe.dll"


    — TOOLBAR regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    regkey does not exist


    — URLSEARCHHOOKS regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    only standard regkeys found


    — SRCEENSAVER regkey —

    HKEY_CURRENT_USER\Control Panel\Desktop
    "SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\logon.scr"


    — CONTEXTMENUHANDLERS regkeys —

    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
    "avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
    "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
    "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
    "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
    "avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"


    — SAFEBOOT MINIMAL SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
    no unknown services found


    — SAFEBOOT NETWORK SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
    no unknown services found


    — SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aavmker4
    "DisplayName"="avast! Asynchronous Virus Monitor"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP
    "DisplayName"="AEGIS Protocol (IEEE 802.1x) v3.4.10.0"
    system32\DRIVERS\AegisP.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2
    "DisplayName"="avast! Standard Shield Support"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr
    "DisplayName"="aswRdr"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTdi
    "DisplayName"="avast! Network Shield Support"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswUpdSv
    "DisplayName"="avast! iAVS4 Control Service"
    "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATITool
    "DisplayName"="ATITool Overclocking Utility"
    system32\DRIVERS\ATITool.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus
    "DisplayName"="avast! Antivirus"
    "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner
    "DisplayName"="avast! Mail Scanner"
    "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner
    "DisplayName"="avast! Web Scanner"
    "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EU3_USB
    "DisplayName"="WLAN miniUSB Adapter Driver"
    system32\DRIVERS\EU3USB.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng
    "DisplayName"="Intel(R) PROSet/Wireless Event Log"
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hamachi
    "DisplayName"="Hamachi Network Interface"
    system32\DRIVERS\hamachi.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus
    "DisplayName"="Microsoft UAA-busstuurprogramma voor High Definition Audio"
    system32\DRIVERS\HDAudBus.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
    "DisplayName"="Microsoft HID Class-stuurprogramma"
    system32\DRIVERS\hidusb.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService
    "DisplayName"="Service for Realtek HD Audio (WDM)"
    system32\drivers\RtkHDAud.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm
    "DisplayName"="Intel GV3-processorstuurprogramma"
    system32\DRIVERS\intelppm.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
    "DisplayName"="Stuurprogramma voor muis-HID"
    system32\DRIVERS\mouhid.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTsensor
    "DisplayName"="ATK0100 ACPI UTILITY"
    system32\DRIVERS\ATKACPI.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
    "DisplayName"="Intel(R) PROSet/Wireless Registry Service"
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
    "DisplayName"="Remote Registry"
    %SystemRoot%\system32\svchost.exe -k LocalService

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rimsptsk
    system32\DRIVERS\rimsptsk.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk
    system32\DRIVERS\risdptsk.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor
    "DisplayName"="Intel(R) PROSet/Wireless Service"
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans
    "DisplayName"="WLAN-transport"
    system32\DRIVERS\s24trans.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServOMatic: sever
    "DisplayName"="ServOMatic: sever"
    C:\Program Files\Kwakkelflap\Service\ServOM.exe 2

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smserial
    system32\DRIVERS\smserial.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
    "DisplayName"="Stuurprogramma voor USB-scanner"
    system32\DRIVERS\usbscan.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VirtualFD
    "DisplayName"="VirtualFD"
    \??\C:\Documents and Settings\Danny\Bureaublad\vfd21-050404\vfd.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51
    "DisplayName"="Intel(R) PRO/Wireless 3945ABG Adapter Driver"
    system32\DRIVERS\w39n51.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
    "DisplayName"="Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation"
    %SystemRoot%\System32\svchost.exe -k netsvcs

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0F7EE690-C183-413C-9664-B84C4B1F2F31}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{95181120-3C53-46CB-8019-30C46764C902}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BD4D9A52-26B1-4669-8223-8CA4FE0BAB1C}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}
    no imagepath value found


    — SECURITYPROVIDERS regkey —

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    — SVCHOST regkey —

    HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
    HTTPFilter: HTTPFilter\0\0
    LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService: DnsCache\0\0
    netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
    DcomLaunch: DcomLaunch\0TermService\0\0
    rpcss: RpcSs\0\0
    imgsvc: StiSvc\0\0
    termsvcs: TermService\0\0
    Usnsvc: usnsvc\0\0


    — STARTUP FOLDERS —

    C:\Documents and Settings\Danny\Menu Start\Programma's\Opstarten\desktop.ini
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk


    — TASK SCHEDULER JOBS —

    no .job files found


    — File associations —

    .BAT files: ("%1" %*)
    .COM files: ("%1" %*)
    .EXE files: ("%1" %*)
    .HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
    .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
    .PIF files: ("%1" %*)
    .REG files: (regedit.exe "%1";)
    .SCR files: ("%1" /S)
    .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
    .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


    FINISHED
    ——————————————————————————

    Just say so if there is anything else I need to do :) !!!

    Another 'funny' anecdote: when VundoFix removed all the .dll's and kept a copy in the 'backup' folder, Avast antivirus suddenly did recognise the threat… :roll:
    I chose 'no action' at that point, because I suspect that backup is safe :)
    The other users of the computer also told me that Avast apparently recognised the threat (I suspect in the form of that .dll), but that it came back (or something like that) after every restart or after a while…

    Thanks again for your time and effort! :P
  • Just reporting what Spybot Search & Destroy found after the actions above:
    -Curepcsolution
    -Doubleclick
    -Hitbox
    -Mediaplex
    -ReliableStats
    -Smitfraud-C.Toolbar888
    -Statcounter
    -Winsoftware.Winantiviruspro2006

    kind regards :)
    Kristof
  • Close all open windows, run HijackThis once more and put a check mark next to the following items:

    O2 - BHO: (no name) - {CC35C10F-0271-4BF8-839C-7B55B6146592} - C:\WINDOWS\system32\jkhfe.dll (file missing)
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ynaucuoi.dll",setvm

    Then click "Fix checked" and close HijackThis.

    Open a Notepad file.
    Copy the code below into this Notepad file.
    Go to File - Save as.
    Under "Save in" choose: Desktop
    Under "File name" enter: fix.reg
    Under "Save as type" select: All files (*.*).
    Click the Save button.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=-

    Double-click the fix.reg file and allow the changes to be added to the registry.

    Make a new log with RegLooks and post it.
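Added example, not code from this thread and not from the HijackThis or RegLooks authors: a small Python script that applies the same reasoning the helper used above to the lines quoted in this thread. It flags the O2 BHO entry whose DLL is "(file missing)", the O4 entry that starts a random-looking system32 DLL through rundll32, and any ShellExecuteHooks CLSID other than the one Windows registers itself, and it builds the same REGEDIT4 removal text as the fix above. The function names, the random-name heuristic and the assumption that {AEB6717E-7E19-11d0-97EE-00C04FD91972} is the URL Exec Hook that Windows XP installs itself are mine; the sample lines are copied from the logs posted earlier in this thread.

```python
"""Triage helpers for HijackThis and RegLooks output (added example).

Not part of the thread and not code from the HijackThis or RegLooks
authors. Function names are hypothetical; the heuristics mirror the
entries the helper flagged above: a BHO whose DLL is '(file missing)',
an unnamed BHO or a rundll32 Run entry loading a random-looking DLL
from system32, and a ShellExecuteHooks CLSID that Windows did not ship.
"""
from __future__ import annotations

import ntpath
import re

# Constructed sample: HijackThis lines copied from the log posted above.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CC35C10F-0271-4BF8-839C-7B55B6146592} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ynaucuoi.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
""".strip()

# Constructed sample: the SHELLEXECUTEHOOKS section of the first RegLooks log above.
SAMPLE_REGLOOKS = r"""
— SHELLEXECUTEHOOKS regkey —

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""


— AUTORUN regkeys —
""".strip()

# Assumption: this CLSID is the URL Exec Hook (shell32.dll) that Windows XP
# registers itself; any other value under ShellExecuteHooks deserves a look.
KNOWN_GOOD_HOOKS = frozenset({"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"})

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<entry>\S+)',
                       re.IGNORECASE)
# Heuristic: the droppers in this thread used short all-lowercase names such as
# jkhfe.dll and ynaucuoi.dll; legitimate system32 DLLs are rarely shaped like that.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}$")
HOOK_VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"=')
# RegLooks section headers look like "... SHELLEXECUTEHOOKS regkey ..." between dashes.
SECTION_HEADER_RE = re.compile(r"^\W*[A-Za-z][A-Za-z\\/ ]* regkeys?\W*$")


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def looks_random(path: str) -> bool:
    stem, _ = ntpath.splitext(ntpath.basename(path))
    return RANDOM_NAME_RE.fullmatch(stem) is not None


def triage_hijackthis(text: str) -> list[tuple[str, str]]:
    """Return (line, reason) pairs for O2/O4 entries that warrant a closer look."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = BHO_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append((line, "BHO still registered but its DLL is gone (orphan of a removal)"))
            elif (m.group("name") == "(no name)" and in_system32(m.group("path"))
                    and looks_random(m.group("path"))):
                findings.append((line, "unnamed BHO loading a random-looking DLL from system32"))
            continue
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r and in_system32(r.group("dll")) and looks_random(r.group("dll")):
                findings.append((line, "Run entry loads a random-looking system32 DLL via rundll32"))
    return findings


def shell_execute_hooks(reglooks_text: str) -> list[str]:
    """CLSIDs listed in the SHELLEXECUTEHOOKS section of a RegLooks log."""
    hooks, in_section = [], False
    for line in (raw.strip() for raw in reglooks_text.splitlines()):
        if SECTION_HEADER_RE.match(line):
            in_section = "SHELLEXECUTEHOOKS" in line
        elif in_section:
            m = HOOK_VALUE_RE.match(line)
            if m:
                hooks.append(m.group(1))
    return hooks


def unknown_hooks(reglooks_text: str, known_good=KNOWN_GOOD_HOOKS) -> list[str]:
    return [h for h in shell_execute_hooks(reglooks_text) if h not in known_good]


def removal_reg(clsids) -> str:
    """REGEDIT4 text deleting the given hook values, in the shape of the fix posted above."""
    lines = ["REGEDIT4", "",
             r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]"]
    lines += [f'"{c}"=-' for c in clsids]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for hit, reason in triage_hijackthis(SAMPLE_HJT):
        print(f"{reason}:\n    {hit}")
    print(removal_reg(unknown_hooks(SAMPLE_REGLOOKS)))
```

Run it as a script to see the two flagged HijackThis lines and the generated fix.reg text. The name heuristic is a triage aid rather than a verdict: a flagged entry still needs the file itself looked at, and a fresh RegLooks log afterwards (as the helper asks for) is what confirms the hook is really gone.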
  • REGLOOKS logfile

    version 0.940
    za 10/03/2007 19:30:13,82
    running from: "C:\Documents and Settings\Danny\Bureaublad"

    — SSODL regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll"


    — STS regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    only standard or legit regkeys found


    — USERINIT regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


    — SHELL regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Shell"="Explorer.exe"


    — SYSTEM regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "System"=""


    — APPINIT_DLLS regkey —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "AppInit_DLLs"=""


    — NOTIFY regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    only standard or legit regkeys found


    — RUN / LOAD regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "load"=""


    — BOOTEXECUTE regkey —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute= autocheck autochk *\0\0


    — SHELLEXECUTEHOOKS regkey —

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


    — AUTORUN regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
    "AutoRun"=""


    — HKLM\Run regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
    "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
    "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
    "EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
    "Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
    "ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
    "ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
    "SMSERIAL"="sm56hlpr.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    [Run\OptionalComponents]
    [Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"
    [Run\OptionalComponents\MSFS]
    "Installed"="1"


    — HKLM\RunOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKLM RunOnce keys found


    — HKLM\RunOnceEx regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    no HKLM RunOnceEx keys found


    — HKLM\RunServices regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    regkey does not exist


    — HKLM\RunServicesOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKCU\Run regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"


    — HKCU\RunOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKCU RunOnce keys found


    — HKCU\RunOnceEx regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    regkey does not exist


    — HKCU\RunServices regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    regkey does not exist


    — HKCU\RunServicesOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKLM\Explorer\Run regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — HKCU\Explorer\Run regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — Image File Execution regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    no debuggers found


    — BROWSER HELPER OBJECTS regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"


    — TOOLBAR regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    regkey does not exist


    — URLSEARCHHOOKS regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    only standard regkeys found


    — SRCEENSAVER regkey —

    HKEY_CURRENT_USER\Control Panel\Desktop
    "SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\logon.scr"


    — CONTEXTMENUHANDLERS regkeys —

    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
    "avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
    "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
    "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
    "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
    "avast" CLSID ={472083B0-C522-11CF-8763-00608CC02F24} FILE ="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"


    — SAFEBOOT MINIMAL SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
    no unknown services found


    — SAFEBOOT NETWORK SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
    no unknown services found


    — SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aavmker4
    "DisplayName"="avast! Asynchronous Virus Monitor"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP
    "DisplayName"="AEGIS Protocol (IEEE 802.1x) v3.4.10.0"
    system32\DRIVERS\AegisP.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2
    "DisplayName"="avast! Standard Shield Support"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr
    "DisplayName"="aswRdr"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTdi
    "DisplayName"="avast! Network Shield Support"
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswUpdSv
    "DisplayName"="avast! iAVS4 Control Service"
    "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATITool
    "DisplayName"="ATITool Overclocking Utility"
    system32\DRIVERS\ATITool.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus
    "DisplayName"="avast! Antivirus"
    "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner
    "DisplayName"="avast! Mail Scanner"
    "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner
    "DisplayName"="avast! Web Scanner"
    "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EU3_USB
    "DisplayName"="WLAN miniUSB Adapter Driver"
    system32\DRIVERS\EU3USB.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng
    "DisplayName"="Intel(R) PROSet/Wireless Event Log"
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hamachi
    "DisplayName"="Hamachi Network Interface"
    system32\DRIVERS\hamachi.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus
    "DisplayName"="Microsoft UAA-busstuurprogramma voor High Definition Audio"
    system32\DRIVERS\HDAudBus.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
    "DisplayName"="Microsoft HID Class-stuurprogramma"
    system32\DRIVERS\hidusb.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService
    "DisplayName"="Service for Realtek HD Audio (WDM)"
    system32\drivers\RtkHDAud.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm
    "DisplayName"="Intel GV3-processorstuurprogramma"
    system32\DRIVERS\intelppm.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
    "DisplayName"="Stuurprogramma voor muis-HID"
    system32\DRIVERS\mouhid.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTsensor
    "DisplayName"="ATK0100 ACPI UTILITY"
    system32\DRIVERS\ATKACPI.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
    "DisplayName"="Intel(R) PROSet/Wireless Registry Service"
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
    "DisplayName"="Remote Registry"
    %SystemRoot%\system32\svchost.exe -k LocalService

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rimsptsk
    system32\DRIVERS\rimsptsk.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk
    system32\DRIVERS\risdptsk.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor
    "DisplayName"="Intel(R) PROSet/Wireless Service"
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans
    "DisplayName"="WLAN-transport"
    system32\DRIVERS\s24trans.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServOMatic: sever
    "DisplayName"="ServOMatic: sever"
    C:\Program Files\Kwakkelflap\Service\ServOM.exe 2

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smserial
    system32\DRIVERS\smserial.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
    "DisplayName"="Stuurprogramma voor USB-scanner"
    system32\DRIVERS\usbscan.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VirtualFD
    "DisplayName"="VirtualFD"
    \??\C:\Documents and Settings\Danny\Bureaublad\vfd21-050404\vfd.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51
    "DisplayName"="Intel(R) PRO/Wireless 3945ABG Adapter Driver"
    system32\DRIVERS\w39n51.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
    "DisplayName"="Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation"
    %SystemRoot%\System32\svchost.exe -k netsvcs

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0F7EE690-C183-413C-9664-B84C4B1F2F31}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{95181120-3C53-46CB-8019-30C46764C902}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BD4D9A52-26B1-4669-8223-8CA4FE0BAB1C}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D0CBC906-DC2E-4A92-912E-1A74BE4F3932}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D6DF5AA8-EA72-4FE6-B2F6-3577CB38E57E}
    no imagepath value found


    — SECURITYPROVIDERS regkey —

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    — SVCHOST regkey —

    HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
    HTTPFilter: HTTPFilter\0\0
    LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService: DnsCache\0\0
    netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
    DcomLaunch: DcomLaunch\0TermService\0\0
    rpcss: RpcSs\0\0
    imgsvc: StiSvc\0\0
    termsvcs: TermService\0\0
    Usnsvc: usnsvc\0\0


    — STARTUP FOLDERS —

    C:\Documents and Settings\Danny\Menu Start\Programma's\Opstarten\desktop.ini
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk


    — TASK SCHEDULER JOBS —

    no .job files found


    — File associations —

    .BAT files: ("%1" %*)
    .COM files: ("%1" %*)
    .EXE files: ("%1" %*)
    .HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
    .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
    .PIF files: ("%1" %*)
    .REG files: (regedit.exe "%1";)
    .SCR files: ("%1" /S)
    .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
    .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


    FINISHED

    Kind regards
    Kristof
  • Looks good again, Kristof.
    Are there any problems left?
  • No, not anymore I think! :P
    Many thanks for the effort, without help I certainly wouldn't have managed!
    But how can I best avoid these situations?
    On the computers I always use:
    - avast antivirus home edition
    - spyware search & destroy
    But the other family members prefer Internet Explorer to Firefox... Is that a wrong choice? On my own PC with Firefox I rarely or never have such problems!

    Many thanks again!!! :P
  • Firefox is less susceptible to infections than IE.
    If you use Spybot Search & Destroy, you should definitely enable TeaTimer as well. TeaTimer gives you a notification when certain registry keys, which can be abused by malware among other things, are changed.

    Apart from that, watch where you surf and what you download, and always work with up-to-date anti-malware tools.
    Also make sure your Windows is always up to date.

    You can find more prevention tips here.

    Happy surfing again Kristof. :wink:
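    The TeaTimer advice above is about being told when a few sensitive registry values change. The same idea can be applied by hand to a log like the one in this thread: compare the "SECURITYPROVIDERS regkey" and "File associations" sections against what they are supposed to contain. The script below is an added example, not code from this thread, from HijackThis or from TeaTimer. It parses those two sections of a dump in the format shown above and reports any deviation from a baseline; the baseline values are copied from the clean log above, and the two sample dumps (one clean, one with a placeholder extra provider DLL and a placeholder .EXE handler) are constructed for the example.

```python
"""Baseline check for the registry part of a HijackThis-style log (added example)."""
import re

# Section headers in the dump look like "--- File associations ---" with U+2014 dashes.
SECTION_RE = re.compile("^\\s*\u2014\\s*(.+?)\\s*\u2014\\s*$")
# e.g.  .EXE files: ("%1" %*)
ASSOC_RE = re.compile(r"^(\.[A-Za-z0-9]+) files: \((.*)\)$")
# e.g.  "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
PROVIDERS_RE = re.compile(r'^"SecurityProviders"="(.*)"$')

# Baseline copied from the clean log in this thread: the provider DLL list and the
# pass-through handlers for the executable file types a hijack typically targets.
BASELINE_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
BASELINE_ASSOC = {
    ".BAT": '"%1" %*',
    ".COM": '"%1" %*',
    ".EXE": '"%1" %*',
    ".PIF": '"%1" %*',
    ".SCR": '"%1" /S',
}

# Constructed sample in the log's format (same values as the clean log above).
CLEAN_SAMPLE = (
    "\u2014 SECURITYPROVIDERS regkey \u2014\n"
    "\n"
    "HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\securityproviders\n"
    '"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"\n'
    "\n"
    "\u2014 File associations \u2014\n"
    "\n"
    '.BAT files: ("%1" %*)\n'
    '.COM files: ("%1" %*)\n'
    '.EXE files: ("%1" %*)\n'
    '.PIF files: ("%1" %*)\n'
    '.SCR files: ("%1" /S)\n'
)

# Constructed tampered variant: one unknown provider DLL added, and the .EXE handler
# no longer runs the program directly. Both paths are placeholders, not real names.
TAMPERED_SAMPLE = CLEAN_SAMPLE.replace(
    'msnsspc.dll"', 'msnsspc.dll, PLACEHOLDER_unknown.dll"'
).replace('.EXE files: ("%1" %*)', '.EXE files: (C:\\PLACEHOLDER\\wrapper.exe "%1" %*)')


def parse_sections(text):
    """Split the dump into {section title: [non-empty stripped lines]}."""
    sections = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def parse_file_associations(lines):
    """Return {".EXT": handler command} from the File associations section."""
    assoc = {}
    for line in lines:
        m = ASSOC_RE.match(line)
        if m:
            assoc[m.group(1).upper()] = m.group(2)
    return assoc


def parse_security_providers(lines):
    """Return the DLL names listed in the SecurityProviders value."""
    for line in lines:
        m = PROVIDERS_RE.match(line)
        if m:
            return [p.strip() for p in m.group(1).split(",") if p.strip()]
    return []


def check_log(text):
    """Compare a dump against the baseline; return a list of human-readable findings."""
    findings = []
    sections = parse_sections(text)
    for dll in parse_security_providers(sections.get("SECURITYPROVIDERS regkey", [])):
        if dll.lower() not in BASELINE_PROVIDERS:
            findings.append(f"SecurityProviders: unexpected DLL {dll}")
    assoc = parse_file_associations(sections.get("File associations", []))
    for ext, expected in BASELINE_ASSOC.items():
        actual = assoc.get(ext)
        if actual is None:
            findings.append(f"{ext}: association not listed in log")
        elif actual != expected:
            findings.append(f"{ext}: handler is ({actual}), expected ({expected})")
    return findings


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(f"{name}: {check_log(sample) or ['no deviations from baseline']}")
```

    Only two sections are checked because they are the ones the thread's log lets you baseline exactly; the same parse-and-compare pattern extends to the "SVCHOST regkey" groups or the service ImagePath entries once you have a trusted reference for them.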
  • Thanks again for the effort :wink: (I can't say it enough :lol: )
    I have activated TeaTimer and it works fine :)

    Regards
    Kristof
