Vraag & Antwoord
Hijackthis logje
12 antwoorden
- Graag even een controle op onderstaand logje
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:21:22, on 16-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\njwamjfk.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HiJackThis_v2.exe
C:\hijackthis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/nl.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {402444AC-0FF4-41A4-B3CD-30B8D1A972Fc} - C:\WINDOWS\system32\aiwahjxc.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {796FAD50-6DE0-4CC1-85C9-94381CDEE4A8} - C:\WINDOWS\system32\cbxutuv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\ufqybguo.dll
O2 - BHO: (no name) - {E91E23A2-4F21-47C3-8185-C198EDE67BDE} - C:\WINDOWS\system32\oppqn.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer.exe /quiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [j1201433] rundll32 C:\WINDOWS\system32\j1201433.dll sook
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\qwjltxfj.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: cbxutuv - C:\WINDOWS\SYSTEM32\cbxutuv.dll
O20 - Winlogon Notify: oppqn - C:\WINDOWS\system32\oppqn.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\njwamjfk.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
–
End of file - 12186 bytes - 1. * [u:9cdefbc007]Clean de Cache and Cookies in IE[/u:9cdefbc007]:
* Sluit Internet Explorer.
* Ga naar Configuratiescherm > Internet Opties > tab Algemeen
* Klik de Cookies verwijderen knop
* Klik op de Bestanden verwijderen knop ernaast
* Vink aan: Ook alle off line items verwijderen, klik OK
* [u:9cdefbc007]Clean de Cache and Cookies in Firefox[/u:9cdefbc007] (In geval Firefox geïnstalleerd is):
* Go to Extra > Opties.
* Klik Privacy in het menu.
* Klik op de knop wissen (Geschiedenis, Cookies, Cache).
* Klik OK om het venster opnieuw te sluiten.
* [u:9cdefbc007]Clean andere Temporary files + Prullenbak[/u:9cdefbc007]
* Ga naar Start > Uitvoeren en typ: cleanmgr en klik ok.
* Laat het je systeem scannen op bestanden die moeten verwijderd worden
* Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
* Klik daarna op OK.
2. Download Combofix naar je [b:9cdefbc007]bureaublad[/b:9cdefbc007]
Dubbelklik op [u:9cdefbc007]combofix.exe[/u:9cdefbc007]
Volg de instructies, aanvaard de disclaimer door y of Y te typen.
Tijdens het runnen van de fix, [b:9cdefbc007]NIET[/b:9cdefbc007] in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log [b:9cdefbc007]combofix.txt[/b:9cdefbc007] openen. Bewaar dit logje.
NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
3. Download Dr.Web Cureit naar je bureaublad.
[list:9cdefbc007]
Dubbelklik [b:9cdefbc007]drweb-cureit.exe[/b:9cdefbc007] en sta het toe om de express scan te starten.
Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen.
Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
Klik daarna de [b:9cdefbc007]groene pijl[/b:9cdefbc007] rechts om de scan te starten.
Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
Nadat de scan gedaan is, in het menu bovenaan, klik [b:9cdefbc007]File[/b:9cdefbc007] en kies [b:9cdefbc007]Save report List[/b:9cdefbc007]. Bewaar het op je bureaublad.
Sluit daarna Dr.Web Cureit.
[b:9cdefbc007]Herstart[/b:9cdefbc007] je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
[/list:u:9cdefbc007]
Plaats nu het logje van combofix, dr web en een vers Hijackthis logje in je volgende bericht.
Succes!
Pim - Hierbij de logs van de diverse programma,s
ComboFix 07-08-14.4 - "Marc van Eck" 2007-08-16 22:11:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.535 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ahtsyobh.exe
C:\WINDOWS\system32\aiwahjxc.dll
C:\WINDOWS\system32\ajrbbsfj.exe
C:\WINDOWS\system32\aledqxnm.exe
C:\WINDOWS\system32\anlafagj.ini
C:\WINDOWS\system32\aswmpbmi.dll
C:\WINDOWS\system32\baehqblk.dll
C:\WINDOWS\system32\bdogoytv.dll
C:\WINDOWS\system32\bgojyajd.ini
C:\WINDOWS\system32\bhaigila.exe
C:\WINDOWS\system32\bimmrfxp.dll
C:\WINDOWS\system32\blkiyaeh.dll
C:\WINDOWS\system32\boaensjx.ini
C:\WINDOWS\system32\cbxutuv.dll
C:\WINDOWS\system32\cfprkxpl.exe
C:\WINDOWS\system32\cpmasprj.ini
C:\WINDOWS\system32\cpwxowyi.dll
C:\WINDOWS\system32\cvujgcbl.dll
C:\WINDOWS\system32\djayjogb.dll
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\system32\dvybttdw.dll
C:\WINDOWS\system32\edkewbfa.dll
C:\WINDOWS\system32\eekpkqng.exe
C:\WINDOWS\system32\egcsnlsc.exe
C:\WINDOWS\system32\fbrhlygp.dll
C:\WINDOWS\system32\fcmqruat.exe
C:\WINDOWS\system32\fnwinhae.exe
C:\WINDOWS\system32\garqtrwq.exe
C:\WINDOWS\system32\hdvogqmi.exe
C:\WINDOWS\system32\hphvswir.dll
C:\WINDOWS\system32\hqkxqurl.exe
C:\WINDOWS\system32\htrgfabo.exe
C:\WINDOWS\system32\ipqayveh.exe
C:\WINDOWS\system32\ivbdhwho.ini
C:\WINDOWS\system32\iywoxwpc.ini
C:\WINDOWS\system32\j1201433.dll
C:\WINDOWS\system32\jajinkbq.exe
C:\WINDOWS\system32\jbeusrkl.exe
C:\WINDOWS\system32\jfxtljwq.ini
C:\WINDOWS\system32\jgafalna.dll
C:\WINDOWS\system32\joexkhbw.exe
C:\WINDOWS\system32\jrpsampc.dll
C:\WINDOWS\system32\kabktybu.dll
C:\WINDOWS\system32\kcwrowvh.exe
C:\WINDOWS\system32\klbqheab.ini
C:\WINDOWS\system32\kvoudpkf.exe
C:\WINDOWS\system32\ldvpywtk.dll
C:\WINDOWS\system32\lhtoqnaq.exe
C:\WINDOWS\system32\liesvslk.exe
C:\WINDOWS\system32\lmeupvdq.exe
C:\WINDOWS\system32\lmswtvpv.dll
C:\WINDOWS\system32\lvhfanmh.dll
C:\WINDOWS\system32\ndsyqkvi.exe
C:\WINDOWS\system32\njwamjfk.exe
C:\WINDOWS\system32\npfprbop.dll
C:\WINDOWS\system32\nqppo.bak2
C:\WINDOWS\system32\nqppo.ini
C:\WINDOWS\system32\nqppo.ini2
C:\WINDOWS\system32\nqppo.tmp
C:\WINDOWS\system32\ohwhdbvi.dll
C:\WINDOWS\system32\onlywhmk.exe
C:\WINDOWS\system32\oppqn.dll
C:\WINDOWS\system32\orcorrfi.dll
C:\WINDOWS\system32\orxsrnkf.exe
C:\WINDOWS\system32\pbgsxvgi.dll
C:\WINDOWS\system32\pgylhrbf.ini
C:\WINDOWS\system32\pkcvjaur.dll
C:\WINDOWS\system32\pobrpfpn.ini
C:\WINDOWS\system32\pqbmfhms.dll
C:\WINDOWS\system32\prfejser.exe
C:\WINDOWS\system32\puawiydy.exe
C:\WINDOWS\system32\pxfrmmib.ini
C:\WINDOWS\system32\qgqeowsw.ini
C:\WINDOWS\system32\qiinymad.exe
C:\WINDOWS\system32\qwjltxfj.dll
C:\WINDOWS\system32\rhjkvlyt.exe
C:\WINDOWS\system32\rqblbdir.dll
C:\WINDOWS\system32\ruajvckp.ini
C:\WINDOWS\system32\rwndssun.exe
C:\WINDOWS\system32\scsgxudp.dll
C:\WINDOWS\system32\smhfmbqp.ini
C:\WINDOWS\system32\sujnfnoh.exe
C:\WINDOWS\system32\tctqaamy.dll
C:\WINDOWS\system32\tnycxcwm.exe
C:\WINDOWS\system32\ttlkxgwg.exe
C:\WINDOWS\system32\ttrhgwaw.exe
C:\WINDOWS\system32\tvpnxlmf.exe
C:\WINDOWS\system32\ufqybguo.dll
C:\WINDOWS\system32\ugpnkylq.dll
C:\WINDOWS\system32\uipckpaj.exe
C:\WINDOWS\system32\umvghkig.exe
C:\WINDOWS\system32\upwtxwpv.exe
C:\WINDOWS\system32\voaalnph.exe
C:\WINDOWS\system32\vpvtwsml.ini
C:\WINDOWS\system32\vqdlsrye.dll
C:\WINDOWS\system32\vtyogodb.ini
C:\WINDOWS\system32\wdttbyvd.ini
C:\WINDOWS\system32\whxnpdfn.exe
C:\WINDOWS\system32\wswoeqgq.dll
C:\WINDOWS\system32\xghkghdt.exe
C:\WINDOWS\system32\xglbahop.exe
C:\WINDOWS\system32\xjsneaob.dll
C:\WINDOWS\system32\xtpcxkwl.exe
C:\WINDOWS\system32\ywkemufs.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
——-\LEGACY_DOMAINSERVICE
——-\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))
2007-08-16 22:09 51,200 –a—— C:\WINDOWS\nircmd.exe
2007-08-16 21:35 <DIR> d——– C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-16 21:31 <DIR> d——– C:\WINDOWS\system32\nl-nl
2007-08-16 21:24 33,792 –a—— C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-16 21:24 <DIR> d——– C:\WINDOWS\network diagnostic
2007-08-16 20:20 <DIR> d——– C:\hijackthis
2007-08-16 19:03 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
2007-08-16 19:03 <DIR> d——– C:\Program Files\Hitman Pro
2007-08-16 19:01 1,156 –a—— C:\WINDOWS\mozver.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-16 22:00 ——— d——– C:\Program Files\Common Files\Symantec Shared
2007-08-16 19:43 ——— d——– C:\Program Files\Spyware Doctor
2007-06-27 10:41 ——— d——– C:\DOCUME~1\MARCVA~1\APPLIC~1\Talkback
2007-06-27 00:19 ——— d——– C:\DOCUME~1\MARCVA~1\APPLIC~1\PC Tools
2007-06-27 00:15 ——— d——– C:\Program Files\Picasa2
2007-06-27 00:11 ——— d——– C:\Program Files\Norton Security Scan
2007-06-27 00:06 ——— d——– C:\Program Files\Google
2007-06-26 08:10 1104896 –a—— C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 ——— C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:33 282112 –a—— C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:33 282112 ——— C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 10:14 474624 ——— C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 10:14 151552 ——— C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 10:14 1498112 ——— C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 10:14 1057280 ——— C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 10:14 1022976 ——— C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:24 1036800 –a—— C:\WINDOWS\explorer.exe
2007-06-13 15:24 1036800 ——— C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 00:06 183296 –a—— C:\WINDOWS\system32\afbbhhji.dll
2007-06-12 23:51 183808 –a—— C:\WINDOWS\system32\ffgfhjfj.dll
2007-06-12 23:51 183296 –a—— C:\WINDOWS\system32\jhihcjcf.dll
2007-05-17 13:30 549376 –a—— C:\WINDOWS\system32\oleaut32.dll
2007-05-17 13:30 549376 ——— C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-16 17:19 86528 ——— C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:19 85504 ——— C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19 683520 –a—— C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:19 683520 ——— C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:19 510976 ——— C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19 1314816 ——— C:\WINDOWS\system32\dllcache\msoe.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-02 15:37]
"STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [2003-12-17 17:50]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-27 18:43]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-27 18:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 17:34 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-31 15:11]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-01-30 10:59]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 12:28]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 06:53]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-25 12:38]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-07 12:04]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 15:00 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InstaFinderK"="C:\Program Files\INSTAFINK\InstaFinderK_inst.exe" []
"Snelkiezer"="C:\WINDOWS\Snelkiezer_.exe" [2006-05-29 22:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-02 22:56]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 00:06]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-27 00:06:21]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\microsoft office\office10\OSA.EXE [2001-02-13 11:01:04]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\digital imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\drivers\STDSB.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S2 STDSB;STDSB;C:\WINDOWS\system32\DRIVERS\STDSB.sys
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys
S3 o1394bul;o1394bul;\??\C:\DOCUME~1\MARCVA~1\LOCALS~1\Temp\o1394bul.sys
Contents of the 'Scheduled Tasks' folder
2005-06-25 14:05:10 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
2005-07-02 17:20:11 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job
2007-08-16 17:56:05 C:\WINDOWS\Tasks\HP Usg Daily FY04.job - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
2007-06-22 20:57:48 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
2007-06-26 22:11:57 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe
2007-08-16 19:42:45 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 22:19:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-16 22:25:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-08-16 22:25
— E O F —
N2PLUGIN.DLL
C:\Program Files\Need2Find\bar\4.bin
Adware.Msearch
aiwahjxc.dll.vir
C:\QooBox\Quarantine\C\WINDOWS\system32
Adware.Crew
A0151643.dll
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP391
Adware.Crew
installer.exe
C:\WINDOWS\Downloaded Program Files
Trojan.Kenny
Verwijderd.
WebP2PInstaller.dll
C:\WINDOWS\Downloaded Program Files
Adware.PeerNet
installer.exe\data001
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer.exe
Trojan.Kenny
installer.exe\data002
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer.exe
Trojan.Kenny
installer.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
Archief bevat geinfecteerde objecten
Verplaatst.
afbbhhji.dll
C:\WINDOWS\system32
Trojan.Kenny
Verwijderd.
ffgfhjfj.dll
C:\WINDOWS\system32
Trojan.Kenny
Verwijderd.
jhihcjcf.dll
C:\WINDOWS\system32
Trojan.Kenny
Verwijderd.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:15:23, on 17-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Snelkiezer_.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Marc van Eck\Bureaublad\drweb-cureit.exe
C:\DOCUME~1\MARCVA~1\LOCALS~1\Temp\RarSFX1\_start.exe
C:\DOCUME~1\MARCVA~1\LOCALS~1\Temp\RarSFX1\cureit.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\microsoft office\office10\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/nl.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer.exe /quiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187289382233
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
–
End of file - 12065 bytes
Alvast hartelijk dank. - Hoi Gerben3,
1. Ga naar start –> configuratiescherm –> software en verwijder daar het volgende programma, indien aanwezig:
[b:bd71367603]
Need2Find
[/b:bd71367603]
2. Start Hijackthis, kies voor [i:bd71367603]'Do a system scan only'[/i:bd71367603] en vink onderstaande regels aan:
[b:bd71367603]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/nl.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer.exe /quiet
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
[/b:bd71367603]
Er is een beperking in Internet Explorer waardoor je niet alle instellingen kunt wijzigen.
Mogelijk dat dit door Spybot S&D is ingesteld. Indien jij deze instelling niet zelf hebt ingesteld, dan mag je de volgende regel fixen:
[b:bd71367603]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[/b:bd71367603]
Sluit nu [u:bd71367603]alle[/u:bd71367603] openstaande vensters, behalve Hijackthis en klik op [b:bd71367603]Fix Checked[/b:bd71367603].
3. Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
[b:bd71367603]
File::
C:\WINDOWS\system32\afbbhhji.dll
C:\WINDOWS\system32\ffgfhjfj.dll
C:\WINDOWS\system32\jhihcjcf.dll
C:\WINDOWS\Snelkiezer.exe
Folder::
C:\Program Files\Need2Find
C:\Program Files\INSTAFINK
[/b:bd71367603]
Sla dit op op je Bureaublad als [b:bd71367603]CFScript.txt[/b:bd71367603]
Sleep [b:bd71367603]CFScript.txt[/b:bd71367603] in [b:bd71367603]ComboFix.exe[/b:bd71367603] zoals getoond in onderstaand voorbeeld :
[img:bd71367603]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:bd71367603]
Dit zal [b:bd71367603]ComboFix[/b:bd71367603] doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de [b:bd71367603]Combofix.txt[/b:bd71367603] in je volgende antwoord samen met een nieuw HijackThislogje.
Succes!
Pim. - Hierbij de nieuwe logjes:
ComboFix 07-08-14.4 - "Marc van Eck" 2007-08-17 14:39:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.605 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Marc van Eck\Bureaublad\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\afbbhhji.dll
C:\WINDOWS\system32\ffgfhjfj.dll
C:\WINDOWS\system32\jhihcjcf.dll
C:\WINDOWS\Snelkiezer.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\4.bin\N2FFXTBR.JAR
C:\Program Files\Need2Find\bar\4.bin\N2NTSTBR.JAR
C:\Program Files\Need2Find\bar\4.bin\NPND2FN.DLL
C:\Program Files\Need2Find\bar\4.bin\PARTNER.DAT
C:\Program Files\Need2Find\bar\Cache\000475CC
C:\Program Files\Need2Find\bar\Cache\012CC87C
C:\Program Files\Need2Find\bar\Cache\files.ini
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm
C:\WINDOWS\Snelkiezer.exe
((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))
2007-08-16 22:29 <DIR> d——– C:\DOCUME~1\MARCVA~1\DoctorWeb
2007-08-16 22:09 51,200 –a—— C:\WINDOWS\nircmd.exe
2007-08-16 21:35 <DIR> d——– C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-16 21:31 <DIR> d——– C:\WINDOWS\system32\nl-nl
2007-08-16 21:24 33,792 –a—— C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-16 21:24 <DIR> d——– C:\WINDOWS\network diagnostic
2007-08-16 20:20 <DIR> d——– C:\hijackthis
2007-08-16 19:03 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
2007-08-16 19:03 <DIR> d——– C:\Program Files\Hitman Pro
2007-08-16 19:01 1,156 –a—— C:\WINDOWS\mozver.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-17 10:44 ——— d——– C:\Program Files\Common Files\Symantec Shared
2007-08-17 10:24 ——— d——– C:\Program Files\Symantec
2007-08-16 19:43 ——— d——– C:\Program Files\Spyware Doctor
2007-06-27 10:41 ——— d——– C:\DOCUME~1\MARCVA~1\APPLIC~1\Talkback
2007-06-27 00:19 ——— d——– C:\DOCUME~1\MARCVA~1\APPLIC~1\PC Tools
2007-06-27 00:15 ——— d——– C:\Program Files\Picasa2
2007-06-27 00:06 ——— d——– C:\Program Files\Google
2007-06-26 08:10 1104896 –a—— C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 ——— C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:33 282112 –a—— C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:33 282112 ——— C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 10:14 474624 ——— C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 10:14 151552 ——— C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 10:14 1498112 ——— C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 10:14 1057280 ——— C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 10:14 1022976 ——— C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:24 1036800 –a—— C:\WINDOWS\explorer.exe
2007-06-13 15:24 1036800 ——— C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-17 13:30 549376 –a—— C:\WINDOWS\system32\oleaut32.dll
2007-05-17 13:30 549376 ——— C:\WINDOWS\system32\dllcache\oleaut32.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-02 15:37]
"STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [2003-12-17 17:50]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-27 18:43]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-27 18:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 17:34 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-31 15:11]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-01-30 10:59]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 12:28]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 06:53]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-25 12:38]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-07 12:04]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 15:00 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-02 22:56]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 00:06]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-27 00:06:21]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\microsoft office\office10\OSA.EXE [2001-02-13 11:01:04]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\digital imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\drivers\STDSB.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S2 STDSB;STDSB;C:\WINDOWS\system32\DRIVERS\STDSB.sys
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys
S3 o1394bul;o1394bul;\??\C:\DOCUME~1\MARCVA~1\LOCALS~1\Temp\o1394bul.sys
Contents of the 'Scheduled Tasks' folder
2005-06-25 14:05:10 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
2005-07-02 17:20:11 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job
2007-08-17 09:56:00 C:\WINDOWS\Tasks\HP Usg Daily FY04.job - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
2007-06-22 20:57:48 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
2007-08-17 13:21:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 15:00:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-17 15:22:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-08-17 15:22
C:\ComboFix2.txt … 2007-08-16 22:25
— E O F —
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:24:35, on 17-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187289382233
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
–
End of file - 10794 bytes - Dat ziet er weer goed uit!
Hoe is het met je problemen? - Geen problemen meer. Alleen kan ik oude Norton software nog noet verwijderen. Heeft misschien met de firewal te maken. Ik krijg de FTP site niet geopend. Vanavond thuis nog maar eens proberen. Verder loopt de PC weer als een zonnetje. Hartelijk dank. :wink:
- Ik snap niet echt wat je probleem is
[quote:4879f71efe]
Alleen kan ik oude Norton software nog noet verwijderen. Heeft misschien met de firewal te maken[/quote:4879f71efe]
:-? - verwijderen moet ook met een tooltje.
probeer deze eens.
Verwijder Norton m.b.v. http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/172d11361b05da508525695b005ca287/9163ea0b7308d62d80256fe000519e78?OpenDocument deze tool - Her is al gelukt. Op de PC stond nog oude software van Norton waarvan de licentie verlopen was. Thuis kon ik wel het tooltje downloaden om de software te verweideren.
Alle hartelijk dank.
Problemen opgelost. - Ahh dat bedoel je
Mooi dat het probleem is opgelost en graag gedaan! - Welke tool had je nu gebruikt ervoor?
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.