HijackThis logfile

Anonymous
Medievel
3 answers
  • hey,
    I'm having some problems with my laptop and wanted to ask whether one of you would be willing to take a look at my log file.
    The problem was that my PC seems to run in jerks: it works normally for a moment, then hangs very briefly, then carries on normally again, and so on.

    thanks
    greetings

    edit: removed the old log file
  • I've noticed that ComboFix is often recommended, so I already ran it and then ran HijackThis again.
    Here are the log files; are there still things that need to be removed?

    ComboFix.txt
    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-11 ))))))))))))))))))))))))))))))))))


    2007-05-11 23:03 <DIR> d-------- C:\WINDOWS\LastGood
    2007-05-11 22:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-05-11 22:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
    2007-05-11 21:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-05-11 21:30 <DIR> d-------- C:\Program Files\Lavasoft
    2007-05-11 21:30 <DIR> d-------- C:\DOCUME~1\Eddy\APPLIC~1\Lavasoft
    2007-05-09 22:54 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-05-09 22:54 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-05-09 22:54 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-05-09 22:54 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-05-09 22:54 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favorieten
    2007-05-09 22:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-05-09 22:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-05-09 22:54 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
    2007-05-09 22:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-05-09 22:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bluetooth Software
    2007-05-09 22:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-05-09 22:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
    2007-05-09 22:38 <DIR> d-------- C:\Program Files\Raxco
    2007-05-09 22:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-05-09 16:31 <DIR> d-------- C:\Program Files\Leuven
    2007-05-08 20:23 <DIR> dr-h----- C:\DOCUME~1\Eddy\Onlangs geopend
    2007-05-08 17:08 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-05-08 17:05 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-05-07 13:04 <DIR> d-------- C:\DOCUME~1\Eddy\APPLIC~1\omnitrans
    2007-05-07 12:59 <DIR> d-------- C:\Program Files\Omnitrans International
    2007-05-03 18:10 <DIR> d-------- C:\WINDOWS\.file_store_32


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-09 17:14:58 5,898 ----a-w C:\DOCUME~1\Eddy\APPLIC~1\wklnhst.dat
    2007-05-02 19:33:42 -------- d-----w C:\Program Files\Rubies of Eventide
    2007-04-29 09:26:30 -------- d-----w C:\Program Files\mIRC
    2007-04-12 12:29:13 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\uTorrent
    2007-04-09 16:05:34 -------- d-----w C:\Program Files\PokerAssist
    2007-04-08 08:05:01 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\U3
    2007-04-04 14:22:35 -------- d-----w C:\Program Files\Xvid
    2007-04-04 14:22:25 -------- d-----w C:\Program Files\AC3Filter
    2007-04-03 07:50:30 -------- d-----w C:\Program Files\PakSpace.com_FlashFXP.v3.4.1.1168.Cracked
    2007-04-03 07:48:52 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\FlashFXP
    2007-03-28 13:32:49 64,144 ----a-w C:\DOCUME~1\Eddy\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-03-25 08:38:55 68,384 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-25 08:38:55 437,960 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-23 12:49:10 -------- d-----w C:\DOCUME~1\Eddy\APPLIC~1\Opera
    2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-07 12:55:17 -------- d-----w C:\Program Files\MoparScape
    2007-02-20 11:48:07 34,988 ----a-w C:\WINDOWS\War3Unin.dat
    2007-02-20 11:14:46 2,829 ----a-w C:\WINDOWS\War3Unin.pif
    2007-02-20 11:14:46 126,976 ----a-w C:\WINDOWS\War3Unin.exe
    2007-02-05 20:20:07 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    2007-02-05 18:21:59 1,168 ----a-w C:\WINDOWS\mozver.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"
    "{2F85D76C-0569-466F-A488-493E6BD0E955}"="C:\Program Files\Windows Desktop Search\dsWebAllow.dll"
    "{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
    "{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar3.dll"
    "{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\Windows Live Toolbar\msntb.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
    "HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
    "LMgrOSD"="C:\\Program Files\\Launch Manager\\OSD.exe"
    "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
    "CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
    "AVManager"="\"C:\\Program Files\\Wistron\\AVManager\\AVManager.exe\""
    "Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
    @=""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
    "PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
    "AntivirusRegistration"="c:\\program files\\antivirus offer\\etrust antivirus registration\\EzAntivirusRegistrationCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages msv1_0\0\0
    Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages scecli\0\0




    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter HTTPFilter\0\0
    LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService DnsCache\0\0
    DcomLaunch DcomLaunch\0TermService\0\0
    rpcss RpcSs\0\0
    bthsvcs BthServ\0\0
    imgsvc StiSvc\0\0
    termsvcs TermService\0\0

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-11 23:33:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden services …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe?0???X??????|x??|????q??|?j?wQj?w????????,??? ???????????????`??????|????????l?????@????????????????s???????s???sx??s@??????????????|h??sp??????????s?????????????????C?sc"?sx??s???????w??@?N'?sd???=5@?p??????????

    scanning hidden files …

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-11 23:33:43
    C:\ComboFix-quarantined-files.txt … 2007-05-11 23:33


    HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 23:39:46, on 11/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Wistron\AVManager\AVManager.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [AVManager] "C:\Program Files\Wistron\AVManager\AVManager.exe"
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [AntivirusRegistration] c:\program files\antivirus offer\etrust antivirus registration\EzAntivirusRegistrationCheck.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?0f91c8a3fa2d4bada5c2b00c320e406c
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?0f91c8a3fa2d4bada5c2b00c320e406c
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106390189065
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    thanks in advance
  • ComboFix served no purpose at all in this case.


    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following directories:
    C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\
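
Added example, not part of the original answer: a small Python triage script that pulls out of a HijackThis log the kinds of lines the answer selects (entries marked `(no file)` or `(file missing)`, and O15 Trusted Zone additions). The function names and the rule set are assumptions made for illustration, and the sample lines are excerpted from the log posted in the thread; the result is a review list, since it also surfaces the Messenger line that the answer leaves alone.

```python
import re

# Excerpt of the HijackThis log posted in the thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Eddy\Mijn documenten\Wim\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Yield (section, body) per entry line; headers and process paths are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def review_reasons(section, body):
    """Illustrative rule set (an assumption, not HijackThis's own logic)."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registry entry points at no file")
    if body.endswith("(file missing)"):
        reasons.append("target file is missing on disk")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone")
    return reasons


def triage(text):
    """Return the entries a human should look at, with the reason for each."""
    findings = []
    for section, body in parse_entries(text):
        reasons = review_reasons(section, body)
        if reasons:
            clsid = CLSID_RE.search(body)
            findings.append({
                "section": section,
                "clsid": clsid.group(0) if clsid else None,
                "reasons": reasons,
                "line": f"{section} - {body}",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{', '.join(f['reasons'])}]\n    {f['line']}")
```
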
