Vraag & Antwoord
rightonadz
25 antwoorden
- oja ik heb gzmrotate in opstart uitgeschakeld!!!!
- Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:52, on 26-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
–
End of file - 6201 bytes - Ik heb maar vast een systeemscan gemaakt ik hoop dat je er verder mee kan?
Groeten Leen. - Weet je zeker dat je de goede file hebt geupload 8)
USD_1.34.8_BlackManos_Pack_13.42.rar
Hoe is het inmiddels met je problemen?
Pim - Download Hijackthis-setup naar je [u:0451b768dd]Bureaublad[/u:0451b768dd].
Open HJTInstall en bepaal de locatie waar je Hijackthis wilt installeren.
Druk vervolgens op Install, na enkele seconde zal Hijackthis automatisch openen.
Kies nu voor [b:0451b768dd]'Do a system scan and save a logfile'[/b:0451b768dd].
Er opent een kladblok bestand met een logfile. Selecteer deze tekst helemaal ([b:0451b768dd]ctrl-A[/b:0451b768dd]), kopieer ([b:0451b768dd]ctrl C[/b:0451b768dd]) en plak deze tekst in je volgende bericht.
Succes! 8)
Pim - Hallo allemaal er komt steed een scherm in beeld beginnend met rightonadz. Virusscan helpt niet. Hoe kom ik daar vanaf?
bvd.Leen - zoek de naam van het programma en verwijder het!
meestal te vinden bij software
en anders onder program files in verkenner is gewoon adware - Dank voor je snelle reactie, was het maar zo makkelijk.er staat niets bij.
- Ik hoop dat ik het goed gedaan heb:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:47, on 25-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NU.nl Nieuwslezer\nunwslzr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
–
End of file - 7080 bytes - Is prima gegaan hoor!
Start Hijackthis, kies voor [i:754f5f9c46]'Do a system scan only'[/i:754f5f9c46] en vink onderstaande regels aan:
[b:754f5f9c46]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
[/b:754f5f9c46]
Sluit nu [u:754f5f9c46]alle[/u:754f5f9c46] openstaande vensters, behalve Hijackthis en klik op [b:754f5f9c46]Fix Checked[/b:754f5f9c46].
Download: RVAXO.exe
[list:754f5f9c46]
Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map [b:754f5f9c46]RVAXO[/b:754f5f9c46] op je bureaublad en dubbeklik [b:754f5f9c46]RVAXO.cmd[/b:754f5f9c46]
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
[b:754f5f9c46]Mogelijk[/b:754f5f9c46] start er ook een uninstaller van een rogue scanner op, [b:754f5f9c46]sluit deze niet[/b:754f5f9c46] af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\[b:754f5f9c46]RVAXO-results.log[/b:754f5f9c46]
Herstart je computer niet vanzelf, of start de tool niet na de reboot, [b:754f5f9c46]doe dit dan handmatig[/b:754f5f9c46].
Post de inhoud van de logfile in je volgende bericht.
[/list:u:754f5f9c46]
Post nu de log van RVAXO en een vers Hijackthis log in je volgende bericht.
Pim - —————-RVAXO.exe first run————-
—————-RVAXO.exe first run————-
Files found:
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\system32\adssite-remove.exe
Uninstallers Rogue scanners:
Folders Found:
Hosts-file was reset, If you use a custom hosts file please replace it…
————–RVAXO.exe last run—————
Files found:
Folders Found:
————–RVAXO.exe finished—————- - Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:02, on 25-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
–
End of file - 6250 bytes - Download [b:73b6698e21]Combofix[/b:73b6698e21] naar je [b:73b6698e21]bureaublad[/b:73b6698e21]
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:73b6698e21]download Combofix opnieuw[/b:73b6698e21]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
Dubbelklik op [u:73b6698e21]combofix.exe[/u:73b6698e21]
Kies voor "Continue" door [b:73b6698e21]1[/b:73b6698e21] te typen gevolgd door [b:73b6698e21]ENTER[/b:73b6698e21].
Tijdens het runnen van de fix, [b:73b6698e21]NIET[/b:73b6698e21] in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log [b:73b6698e21]combofix.txt[/b:73b6698e21] openen.
[i:73b6698e21]Plaats in je volgende antwoord het logje van combofix tesamen met een vers Hijackthis log. [/i:73b6698e21]
Succes!
Pim - ComboFix 07-11-19.3 - Windows 2007-11-25 22:11:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.209 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Windows\Application Data\inst.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))
.
2007-11-25 17:54 <DIR> d——– C:\RVAXO
2007-11-25 17:47 467,087 –a—— C:\WINDOWS\system32\RVAXO.bat
2007-11-25 17:47 69,632 –a—— C:\WINDOWS\system32\remove.exe
2007-11-25 14:47 <DIR> d——– C:\Program Files\SUPERAntiSpyware
2007-11-25 14:47 <DIR> d——– C:\Documents and Settings\Windows\Application Data\SUPERAntiSpyware.com
2007-11-25 14:47 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-25 14:22 <DIR> d——– C:\Program Files\XoftSpySE
2007-11-25 14:05 <DIR> d——– C:\Program Files\Trend Micro
2007-11-25 01:12 <DIR> d——– C:\Documents and Settings\Windows\Application Data\Comodo
2007-11-25 01:12 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-25 01:08 <DIR> d——– C:\Program Files\Comodo
2007-11-23 18:37 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-11-22 20:20 <DIR> d——– C:\Program Files\SurfRight
2007-11-22 20:20 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
2007-11-22 19:48 <DIR> d——– C:\Program Files\Wondershare
2007-11-20 20:31 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-18 20:05 <DIR> d——– C:\Program Files\TKexeKalender
2007-11-18 20:05 299,008 –a—— C:\WINDOWS\Uninstall_tkexe.exe
2007-11-16 21:16 <DIR> d——– C:\Program Files\Pointstone
2007-11-15 21:02 <DIR> d——– C:\Program Files\Hyves Kwekker
2007-11-14 23:52 <DIR> d——– C:\Program Files\Photomatix
2007-11-14 20:19 <DIR> d——– C:\Program Files\QRPhotoDVDSlideshow
2007-11-14 20:19 <DIR> d——– C:\Documents and Settings\Windows\Application Data\Vso
2007-11-14 20:19 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-14 20:19 47,360 –a—— C:\Documents and Settings\Windows\Application Data\pcouffin.sys
2007-11-10 19:44 <DIR> d——– C:\Program Files\Zards software
2007-11-03 12:10 <DIR> d——– C:\WINDOWS\Solar System - Earth 3D
2007-11-03 12:10 16,542,720 –a—— C:\WINDOWS\Solar System - Earth 3D Screensaver.exe
2007-11-03 12:10 294,912 –a—— C:\WINDOWS\Solar System - Earth 3D Screensaver.scr
2007-10-31 20:40 <DIR> d——– C:\WINDOWS\MetaCreations
2007-10-31 20:39 <DIR> d——– C:\Program Files\SuperGOO
2007-10-31 20:39 302,592 –a—— C:\WINDOWS\unin0407.exe
2007-10-29 16:36 <DIR> d——– C:\Program Files\Common Files\Ankiro
2007-10-29 16:35 <DIR> d——– C:\Program Files\SPAMfighter
2007-10-29 16:35 <DIR> d——– C:\Program Files\Common Files\Application
2007-10-27 09:04 <DIR> d——– C:\Program Files\MOJOSOFT
2007-10-27 09:04 <DIR> d——– C:\Documents and Settings\Windows\Application Data\mojosoft
2007-10-26 09:44 <DIR> d——– C:\Program Files\Give Away Of The Day
2007-10-26 09:44 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
2007-10-26 09:44 84,736 –a—— C:\WINDOWS\system32\drivers\StarPortLite.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 20:00 ——— d—–w C:\Documents and Settings\Windows\Application Data\Skype
2007-11-25 19:12 ——— d—–w C:\Documents and Settings\Windows\Application Data\AVG7
2007-11-25 16:57 ——— d—–w C:\Program Files\Hitman Pro
2007-11-25 13:46 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-22 22:45 ——— d—–w C:\Program Files\Spyware Doctor
2007-11-22 22:31 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-22 19:31 ——— d—–w C:\Program Files\SpywareBlaster
2007-11-19 18:02 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-29 22:54 ——— d—–w C:\Program Files\IrfanView
2007-10-24 18:40 ——— d—–w C:\Program Files\FeedReader30
2007-10-21 18:05 ——— d—–w C:\Documents and Settings\Windows\Application Data\Uniblue
2007-10-21 16:11 ——— d–h–w C:\Program Files\InstallShield Installation Information
2007-10-21 16:11 ——— d—–w C:\Program Files\Reallusion
2007-10-21 16:11 ——— d—–w C:\Documents and Settings\Windows\Application Data\InstallShield
2007-10-18 19:23 ——— d—–w C:\Program Files\2nd Speech Center
2007-10-15 18:46 27,648 —-a-w C:\WINDOWS\instearth.exe
2007-10-07 18:12 ——— d—–w C:\Program Files\Astro Gemini Software
2007-10-03 18:48 ——— d—–w C:\Documents and Settings\Windows\Application Data\Feedreader
2007-09-29 18:29 ——— d—–w C:\Documents and Settings\Windows\Application Data\Eltima Software
2007-09-29 18:28 ——— d—–w C:\Program Files\Advanced Registry Doctor
2007-09-29 18:26 ——— d—–w C:\Program Files\Skype Recorder
2007-09-29 18:23 ——— d—–w C:\Program Files\Kiyut
2007-09-29 17:52 ——— d—–w C:\Documents and Settings\Windows\Application Data\.citra
2007-09-26 11:06 ——— d—–w C:\Program Files\ASTRA32
2007-09-20 12:43 253,952 —-a-w C:\WINDOWS\system32\Photomatix25Lib2.dll
2007-09-17 15:02 266,240 —-a-w C:\WINDOWS\system32\Photomatix25Lib.dll
2007-09-06 04:35 95,525 —-a-w C:\WINDOWS\system32\Photomatix25Lib3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:25]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2004-12-26 12:10]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:25]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NU.nl Nieuwslezer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NU.nl Nieuwslezer.lnk
backup=C:\WINDOWS\pss\NU.nl Nieuwslezer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Windows^Menu Start^Programma's^Opstarten^Webshots.lnk]
path=C:\Documents and Settings\Windows\Menu Start\Programma's\Opstarten\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 01:03 15360 –a—— C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
C:\Program Files\FeedReader30\feedreader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-12-12 01:40 196608 –a—— C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 06:21 57344 –a—— C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 –a—— C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WINDOWS\system32\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 –a—— C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Recorder]
C:\Program Files\Skype Recorder\Skype Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
C:\Program Files\SPAMfighter\SFAgent.exe update delay 60
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 –a—— C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-16 20:30 68856 –a—— C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
S2 ZLZXPWMN;ZLZXPWMN;\??\C:\WINDOWS\system32\zlzxpwmn.jbv
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac35b5e-92ea-11dc-a59f-000c763b201f}]
\Shell\AutoRun\command - F:\setupSNK.exe
*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2007-11-25 20:26:00 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2007-11-20 18:55:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-21 17:55:44 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 22:13:53
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-11-25 22:14:58
.
— E O F —
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:01, on 25-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
–
End of file - 6217 bytes - Ga naar de website van jotti: http://virusscan.jotti.org/
In het venster 'File to upload & scan' kopieer je het volgende:
[b:5d518897fe]C:\WINDOWS\system32\zlzxpwmn.jbv [/b:5d518897fe]
Klik vervolgens op Submit en plaats de uitslag in je volgende post.
Herhaal dit voor:
[b:5d518897fe]
C:\WINDOWS\system32\drivers\ctredrv.sys
[/b:5d518897fe]
Pim - The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
Beste Pim ik heb alles uitgeschakeld staan en nog vind hij het niet en komt met bovenstaande regel.
Ik heb ook zelf gegeken maar kan het ook niet vinden in systeem 32
( Je bent er maar druk mee )
Gr.Leen. - Last file scanned at least one scanner reported something about: USD_1.34.8_BlackManos_Pack_13.42.rar (MD5: 7d993ca8745b943b56854171aa9a65ec, size: 7778096 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus Dropper.Delf.OU
BitDefender X
ClamAV X
CPsecure X
Dr.Web Trojan.MulDrop.9120
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Trojan.MulDrop.9120 - ComboFix 07-11-19.4 - Windows 2007-11-26 14:26:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.215 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))
.
2007-11-25 17:54 <DIR> d——– C:\RVAXO
2007-11-25 17:47 467,087 –a—— C:\WINDOWS\system32\RVAXO.bat
2007-11-25 17:47 69,632 –a—— C:\WINDOWS\system32\remove.exe
2007-11-25 14:47 <DIR> d——– C:\Program Files\SUPERAntiSpyware
2007-11-25 14:47 <DIR> d——– C:\Documents and Settings\Windows\Application Data\SUPERAntiSpyware.com
2007-11-25 14:47 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-25 14:22 <DIR> d——– C:\Program Files\XoftSpySE
2007-11-25 14:05 <DIR> d——– C:\Program Files\Trend Micro
2007-11-25 01:12 <DIR> d——– C:\Documents and Settings\Windows\Application Data\Comodo
2007-11-25 01:12 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-25 01:08 <DIR> d——– C:\Program Files\Comodo
2007-11-23 18:37 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
2007-11-22 20:20 <DIR> d——– C:\Program Files\SurfRight
2007-11-22 20:20 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
2007-11-22 19:48 <DIR> d——– C:\Program Files\Wondershare
2007-11-20 20:31 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-18 20:05 <DIR> d——– C:\Program Files\TKexeKalender
2007-11-18 20:05 299,008 –a—— C:\WINDOWS\Uninstall_tkexe.exe
2007-11-16 21:16 <DIR> d——– C:\Program Files\Pointstone
2007-11-15 21:02 <DIR> d——– C:\Program Files\Hyves Kwekker
2007-11-14 23:52 <DIR> d——– C:\Program Files\Photomatix
2007-11-14 20:19 <DIR> d——– C:\Program Files\QRPhotoDVDSlideshow
2007-11-14 20:19 <DIR> d——– C:\Documents and Settings\Windows\Application Data\Vso
2007-11-14 20:19 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-14 20:19 47,360 –a—— C:\Documents and Settings\Windows\Application Data\pcouffin.sys
2007-11-10 19:44 <DIR> d——– C:\Program Files\Zards software
2007-11-03 12:10 <DIR> d——– C:\WINDOWS\Solar System - Earth 3D
2007-11-03 12:10 16,542,720 –a—— C:\WINDOWS\Solar System - Earth 3D Screensaver.exe
2007-11-03 12:10 294,912 –a—— C:\WINDOWS\Solar System - Earth 3D Screensaver.scr
2007-10-31 20:40 <DIR> d——– C:\WINDOWS\MetaCreations
2007-10-31 20:39 <DIR> d——– C:\Program Files\SuperGOO
2007-10-31 20:39 302,592 –a—— C:\WINDOWS\unin0407.exe
2007-10-29 16:36 <DIR> d——– C:\Program Files\Common Files\Ankiro
2007-10-29 16:35 <DIR> d——– C:\Program Files\SPAMfighter
2007-10-29 16:35 <DIR> d——– C:\Program Files\Common Files\Application
2007-10-27 09:04 <DIR> d——– C:\Program Files\MOJOSOFT
2007-10-27 09:04 <DIR> d——– C:\Documents and Settings\Windows\Application Data\mojosoft
2007-10-26 09:44 <DIR> d——– C:\Program Files\Give Away Of The Day
2007-10-26 09:44 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
2007-10-26 09:44 84,736 –a—— C:\WINDOWS\system32\drivers\StarPortLite.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 11:20 ——— d—–w C:\Documents and Settings\Windows\Application Data\AVG7
2007-11-25 22:52 ——— d—–w C:\Documents and Settings\Windows\Application Data\Skype
2007-11-25 16:57 ——— d—–w C:\Program Files\Hitman Pro
2007-11-25 13:46 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-22 22:45 ——— d—–w C:\Program Files\Spyware Doctor
2007-11-22 22:31 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-22 19:31 ——— d—–w C:\Program Files\SpywareBlaster
2007-11-19 18:02 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-29 22:54 ——— d—–w C:\Program Files\IrfanView
2007-10-24 18:40 ——— d—–w C:\Program Files\FeedReader30
2007-10-21 18:05 ——— d—–w C:\Documents and Settings\Windows\Application Data\Uniblue
2007-10-21 16:11 ——— d–h–w C:\Program Files\InstallShield Installation Information
2007-10-21 16:11 ——— d—–w C:\Program Files\Reallusion
2007-10-21 16:11 ——— d—–w C:\Documents and Settings\Windows\Application Data\InstallShield
2007-10-18 19:23 ——— d—–w C:\Program Files\2nd Speech Center
2007-10-15 18:46 27,648 —-a-w C:\WINDOWS\instearth.exe
2007-10-07 18:12 ——— d—–w C:\Program Files\Astro Gemini Software
2007-10-03 18:48 ——— d—–w C:\Documents and Settings\Windows\Application Data\Feedreader
2007-09-29 18:29 ——— d—–w C:\Documents and Settings\Windows\Application Data\Eltima Software
2007-09-29 18:28 ——— d—–w C:\Program Files\Advanced Registry Doctor
2007-09-29 18:26 ——— d—–w C:\Program Files\Skype Recorder
2007-09-29 18:23 ——— d—–w C:\Program Files\Kiyut
2007-09-29 17:52 ——— d—–w C:\Documents and Settings\Windows\Application Data\.citra
2007-09-26 11:06 ——— d—–w C:\Program Files\ASTRA32
2007-09-20 12:43 253,952 —-a-w C:\WINDOWS\system32\Photomatix25Lib2.dll
2007-09-17 15:02 266,240 —-a-w C:\WINDOWS\system32\Photomatix25Lib.dll
2007-09-06 04:35 95,525 —-a-w C:\WINDOWS\system32\Photomatix25Lib3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:25]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2004-12-26 12:10]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:25]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NU.nl Nieuwslezer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NU.nl Nieuwslezer.lnk
backup=C:\WINDOWS\pss\NU.nl Nieuwslezer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Windows^Menu Start^Programma's^Opstarten^Webshots.lnk]
path=C:\Documents and Settings\Windows\Menu Start\Programma's\Opstarten\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 01:03 15360 –a—— C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
C:\Program Files\FeedReader30\feedreader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-12-12 01:40 196608 –a—— C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 06:21 57344 –a—— C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 –a—— C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WINDOWS\system32\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 –a—— C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Recorder]
C:\Program Files\Skype Recorder\Skype Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
C:\Program Files\SPAMfighter\SFAgent.exe update delay 60
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 –a—— C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-16 20:30 68856 –a—— C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
S2 ZLZXPWMN;ZLZXPWMN;\??\C:\WINDOWS\system32\zlzxpwmn.jbv
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac35b5e-92ea-11dc-a59f-000c763b201f}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Inhoud van de 'Gedeelde Taken' map
"2007-11-25 20:26:00 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2007-11-20 18:55:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-21 17:55:44 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 14:29:22
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-11-26 14:30:41
C:\ComboFix2.txt … 2007-11-25 22:15
.
— E O F — - [
Hoe is het inmiddels met je problemen?
Pim[/quote
Het vervelende scherm komt niet meer in beeld de computer is nog wat traag en soms opent hij niet helemaal een site en geeft dan aan dat ik het afsluiten moet. Ben net klaar met superantispyware draaien er zaten 19 adware files in en die heb ik verweiderd
waaronder 4 belangrijke de rest was cookies:
Adware.AdRotator/RightOnz
C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP1\A0000017.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000309.EXE
Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000291.DLL
Adware.AdRotator/AdsSite
C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000310.EXE - Die files zitten in je systeemherstel, daar doen we later wel wat aan
Doe het volgende nog even:
Download ATF Cleaner (by Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij [b:7925a57c19]Select All[/b:7925a57c19].
Klik op de knop [b:7925a57c19]Empty Selected[/b:7925a57c19].
Het volgende doen als je ook [u:7925a57c19]FireFox[/u:7925a57c19] als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij [b:7925a57c19]Select All[/b:7925a57c19].
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords"
Klik op de knop [b:7925a57c19]Empty Selected.[/b:7925a57c19]
Het volgende doen als je ook [u:7925a57c19]Opera[/u:7925a57c19] als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij [b:7925a57c19]Select All[/b:7925a57c19].
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop [b:7925a57c19]Empty Selected[/b:7925a57c19].
Ga naar het tabblad "Main" en klik op de knop [b:7925a57c19]Exit[/b:7925a57c19] om het programma af te sluiten.
Heeft het geholpen?
Pim
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
Gerelateerde vragen
- URL zonder extensie wil niet helemaal lukken
- https verbinding met ssl in owncloud
- afspelen met audacity werkt niet goed
- Computer!Totaal-forum maakt plaats voor v&a-module
- computer start soms niet op
- Pro show gold 4 overgangen tussen tekstdia's
- wie kan mij meer vertellen over een Gigabyte GA-B85M-HD3
- Windows Tijdelijke bestanden