Question & Answer
virus?
11 answers
- Below is a log.
I think I have a virus.
How do I get rid of it?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:56, on 27-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\pjbrvgyl.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Blokker Bestelsoftware\Agent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\phonostar\ps_timer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yvooffgr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\videostudio 11\uvPL.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [18ba94f0] rundll32.exe "C:\WINDOWS\system32\psejbcbb.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.nl/static/download/pixacodndupload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159039035265
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CTpvr Recorder - Unknown owner - C:\Program Files\CTpvr\CTpvrRecorder.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pjbrvgyl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12039 bytes
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall, if present:
AskTBar
Download Combofix to your Desktop.
Double-click Combofix.exe
Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
While the fix is running, do NOT click in the window, as this will cause your PC to hang.
When the fix has finished and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
Good luck!
Pim
- Below are the requested logs.
Thanks in advance.
ComboFix 07-11-19.4 - Compaq_Eigenaar 2007-11-27 18:00:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.449 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\Live Safety Center.lnk
C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\Online Security Guide.lnk
C:\Documents and Settings\Compaq_Eigenaar\Favorieten\Online Security Guide.lnk
C:\WINDOWS\system32\nsm12.dll
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\yvooffgr.dllbox
D:\Autorun.inf
K:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
(((((((((((((((((((( Bestanden Gemaakt van 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))
.
2007-11-27 17:54 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2007-11-26 23:00 <DIR> d-------- C:\Program Files\Dcads Advanced Toolbar
2007-11-26 19:41 784,546 ---hs---- C:\WINDOWS\system32\bbcbjesp.ini
2007-11-26 19:32 145,984 --a------ C:\WINDOWS\system32\yvooffgr.dll
2007-11-26 18:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-26 18:53 194,372 --a------ C:\WINDOWS\system32\adssitesuggest_uninstall.exe
2007-11-26 16:51 327,680 --a------ C:\WINDOWS\system32\adssitesuggest.dll
2007-11-26 09:29 40,960 --a------ C:\Documents and Settings\Compaq_Eigenaar\f.exe
2007-11-25 15:20 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\Dcads Advanced Toolbar
2007-11-25 15:20 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-24 21:35 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-24 21:32 120 --a------ C:\n.bat
2007-11-24 21:31 839,700 --a------ C:\Crack.exe
2007-11-24 21:31 37,376 --a------ C:\WINDOWS\system32\urqoppm.dll
2007-11-24 21:31 5,579 --a------ C:\x.dat
2007-11-24 21:31 4,074 --a------ C:\z.dat
2007-11-24 20:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Shared
2007-11-24 20:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Incomplete
2007-11-24 20:06 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\LimeWire
2007-11-23 15:24 327,680 --a------ C:\WINDOWS\system32\dcadssuggest.dll
2007-11-21 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2007-11-21 15:54 <DIR> d-------- C:\Program Files\videostudio 11
2007-11-21 12:07 <DIR> d-------- C:\Program Files\DVD Flick
2007-11-21 12:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\DVD Flick
2007-11-20 13:18 1,431,040 --a------ C:\WINDOWS\siemens.scr
2007-11-20 13:18 1,180,128 --a------ C:\WINDOWS\kvv.scr
2007-11-20 13:18 1,034,368 --a------ C:\WINDOWS\sbb.scr
2007-11-20 13:18 829,368 --a------ C:\WINDOWS\bahnd103.scr
2007-11-20 13:18 689,088 --a------ C:\WINDOWS\fern-scr.scr
2007-11-20 13:18 688,928 --a------ C:\WINDOWS\bahnd200.scr
2007-11-20 13:18 659,136 --a------ C:\WINDOWS\alcatel.scr
2007-11-20 13:18 609,696 --a------ C:\WINDOWS\dbag.scr
2007-11-20 13:18 331,552 --a------ C:\WINDOWS\vvs.scr
2007-11-20 13:17 <DIR> d-------- C:\Program Files\Traffic
2007-11-20 13:17 2,342,912 --a------ C:\WINDOWS\Traffic.scr
2007-11-20 13:17 1,163,325 --a------ C:\WINDOWS\system32\cmax20tr.ocx
2007-11-20 13:17 782,400 --a------ C:\WINDOWS\system32\cmax20u.dll
2007-11-20 13:17 327,680 --a------ C:\WINDOWS\TrafScrA.dll
2007-11-16 19:41 <DIR> d-------- C:\Program Files\test
2007-11-16 19:40 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-08 07:49 <DIR> d-------- C:\r14817en[1]
2007-11-05 20:21 <DIR> d-------- C:\eredienst hoofddorp
2007-10-31 21:11 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\Apple Computer
2007-10-29 10:49 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-10-29 10:48 <DIR> d-------- C:\Program Files\Common Files\Application
2007-10-29 10:47 <DIR> d-------- C:\Program Files\SPAMfighter
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 16:51 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\OpenOffice.org2
2007-11-27 16:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 13:40 --------- d-----w C:\Program Files\Elaborate Bytes
2007-11-24 18:41 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\gtk-2.0
2007-11-24 18:39 --------- d-----w C:\Program Files\denemo
2007-11-21 14:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 14:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-11-21 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-21 04:35 --------- d-----w C:\Program Files\Monkey's Audio
2007-11-16 18:55 --------- d-----w C:\Program Files\capella-software
2007-11-14 12:26 --------- d-----w C:\Program Files\Blokker Bestelsoftware
2007-11-14 11:31 --------- d-----w C:\Program Files\Google
2007-11-10 08:36 --------- d-----w C:\Program Files\Tyre
2007-11-08 08:22 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-01 15:48 --------- d-----w C:\Program Files\ACCESS
2007-10-30 13:30 --------- d-----w C:\Program Files\MediaMonkey
2007-10-27 17:27 --------- d-----w C:\Program Files\Blocks 5
2007-10-25 14:02 --------- d-----w C:\Program Files\Easy Album Manager
2007-10-24 10:44 --------- d-----w C:\Program Files\Winamp
2007-10-23 19:26 --------- d-----w C:\Program Files\Burger
2007-10-11 06:21 --------- d-----w C:\Program Files\Java
2007-10-01 11:15 839,702 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,701 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-29 09:43 --------- d-----w C:\Program Files\DSC00718_002
2007-09-29 09:42 --------- d-----w C:\Program Files\DSC00718_001
2007-04-19 08:25 99,760 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
2007-04-04 11:28 342 ---ha-w C:\Documents and Settings\Compaq_Eigenaar\hpothb07.dat
2007-04-04 11:28 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-04-12 08:21 8 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\usb.dat.bin
2006-03-14 13:16 0 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1777bbf7-9b92-420e-9dbc-0434224fd92a}]
2007-11-26 19:38 80960 --a------ C:\WINDOWS\system32\oclbithq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]
2007-11-24 21:31 37376 --a------ C:\WINDOWS\system32\urqoppm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
2007-11-19 11:36 64000 --a------ C:\WINDOWS\system32\spads.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-26 19:32 145984 --a------ C:\WINDOWS\system32\yvooffgr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
2007-11-26 16:51 327680 --a------ C:\WINDOWS\system32\adssitesuggest.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\yvooffgr.dll [2007-11-26 19:32 145984]
[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\yvooffgr.dll [2007-11-26 19:32 145984]
[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]
"PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2007-06-18 15:59]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 17:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 15:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 11:52]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-05-11 19:58]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
"ExtraFilmHemmaAgent"="C:\Program Files\Blokker Bestelsoftware\Agent.exe" [2005-05-27 14:59]
"RegistryMechanic"="" []
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 04:54 C:\WINDOWS\RTHDCPL.EXE]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 23:52]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"UVS11 Preload"="C:\Program Files\videostudio 11\uvPL.exe" [2007-04-12 13:23]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"spa_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-04 13:00]
"18ba94f0"="C:\WINDOWS\system32\psejbcbb.dll" [2007-11-26 19:41]
C:\Documents and Settings\Compaq_Eigenaar\Menu Start\Programma's\Opstarten\
Microsoft Office Snelzoeken.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-02-12 23:00:00]
Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-02-12 23:00:00]
OpenOffice.org 2.2 .lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-03-14 16:38:42]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-15 06:38:38]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-15 06:38:38]
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 11:44:06]
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2006-07-15 12:50:29]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-01-11 15:06:18]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
PCzapper Media Manager.lnk - C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe [2007-02-16 21:21:44]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"= C:\WINDOWS\system32\urqoppm.dll [2007-11-24 21:31 37376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqoppm]
urqoppm.dll 2007-11-24 21:31 37376 C:\WINDOWS\system32\urqoppm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yvooffgr]
yvooffgr.dll 2007-11-26 19:32 145984 C:\WINDOWS\system32\yvooffgr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqo.dll
R2 MSSQL$PAP;MSSQL$PAP;"C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe" -sPAP
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
S2 CTpvr Recorder;CTpvr Recorder;C:\Program Files\CTpvr\CTpvrRecorder.exe
S3 SQLAgent$PAP;SQLAgent$PAP;"C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlagent.EXE" -i PAP
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 18:12:54
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-11-27 18:18:13 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:35, on 27-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Blokker Bestelsoftware\Agent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\phonostar\ps_timer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yvooffgr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\videostudio 11\uvPL.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [18ba94f0] rundll32.exe "C:\WINDOWS\system32\psejbcbb.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.nl/static/download/pixacodndupload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159039035265
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CTpvr Recorder - Unknown owner - C:\Program Files\CTpvr\CTpvrRecorder.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11779 bytes
- Could you upload the file below to Jotti: http://virusscan.jotti.org
In the 'File to upload & scan' field, enter: C:\WINDOWS\siemens.scr
Then click scan and post the results in your next message.
Start HijackThis, choose 'Do a system scan only' and tick the lines below:
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yvooffgr.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [18ba94f0] rundll32.exe "C:\WINDOWS\system32\psejbcbb.dll",b
O23 - Service: CTpvr Recorder - Unknown owner - C:\Program Files\CTpvr\CTpvrRecorder.exe (file missing)
Now close all open windows except HijackThis and click Fix Checked.
Open Notepad, then copy and paste the following (bold text) into an empty window:
File::
C:\Program Files\Uninstall Ask Toolbar.dll
C:\WINDOWS\system32\bbcbjesp.ini
C:\WINDOWS\system32\yvooffgr.dll
C:\WINDOWS\system32\adssitesuggest_uninstall.exe
C:\WINDOWS\system32\adssitesuggest.dll
C:\Documents and Settings\Compaq_Eigenaar\f.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\n.bat
C:\Crack.exe
C:\WINDOWS\system32\urqoppm.dll
C:\x.dat
C:\z.dat
C:\WINDOWS\system32\dcadssuggest.dll
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
Folder::
C:\Program Files\Dcads Advanced Toolbar
C:\Documents and Settings\Compaq_Eigenaar\Application Data\Dcads Advanced Toolbar
C:\r14817en[1]
C:\Program Files\CTpvr
Dirlook::
C:\Program Files\DSC00718_001
C:\Program Files\DSC00718_002
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1777bbf7-9b92-420e-9dbc-0434224fd92a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
"spa_start"=-
"18ba94f0"=-
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqoppm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yvooffgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Save this on your Desktop as CFScript.txt
Drag CFScript.txt into ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Restart the computer if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Good luck
Pim
- What exactly do you mean by "the file below" in the first line?
HG
Klaas
- hijackthis or combofix.exe, probably
- I still don't know which file I am supposed to upload.
I have followed the rest of the instructions.
Calm has returned to my PC.
Thanks,
Klaas
The logs are below
ComboFix 07-11-19.4 - Compaq_Eigenaar 2007-11-28 8:52:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.461 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE
C:\Crack.exe
C:\Documents and Settings\Compaq_Eigenaar\f.exe
C:\n.bat
C:\Program Files\Uninstall Ask Toolbar.dll
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\adssitesuggest.dll
C:\WINDOWS\system32\adssitesuggest_uninstall.exe
C:\WINDOWS\system32\bbcbjesp.ini
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcadssuggest.dll
C:\WINDOWS\system32\urqoppm.dll
C:\WINDOWS\system32\yvooffgr.dll
C:\x.dat
C:\z.dat
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Crack.exe
C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
C:\Documents and Settings\Compaq_Eigenaar\Application Data\Dcads Advanced Toolbar
C:\Documents and Settings\Compaq_Eigenaar\Application Data\Dcads Advanced Toolbar\selected.xml
C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\Live Safety Center.lnk
C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\Online Security Guide.lnk
C:\Documents and Settings\Compaq_Eigenaar\f.exe
C:\Documents and Settings\Compaq_Eigenaar\Favorieten\Online Security Guide.lnk
C:\n.bat
C:\Program Files\CTpvr
C:\Program Files\CTpvr\Channels.ini
C:\Program Files\CTpvr\ctpvr.ini
C:\Program Files\CTpvr\cttv.ini
C:\Program Files\CTpvr\epgdata\epghd.ldb
C:\Program Files\CTpvr\epgdata\epghd.mdb
C:\Program Files\CTpvr\logs\CT070208.log
C:\Program Files\Dcads Advanced Toolbar
C:\r14817en[1]
C:\r14817en[1]\disk1\disk1
C:\r14817en[1]\disk1\oemsetup.dsc
C:\r14817en[1]\disk1\OEMSETUP.INF
C:\r14817en[1]\disk1\README.TXT
C:\r14817en[1]\disk1\ric63a.cat
C:\r14817en[1]\disk1\ric63a.hl_
C:\r14817en[1]\disk1\ric63ac.dl_
C:\r14817en[1]\disk1\ric63aj.dl_
C:\r14817en[1]\disk1\ric63ak.dl_
C:\r14817en[1]\disk1\ric63al.dl_
C:\r14817en[1]\disk1\ric63ap.dl_
C:\r14817en[1]\disk1\RIC63API.dl_
C:\r14817en[1]\disk1\ric63aq.ex_
C:\r14817en[1]\disk1\ric63as.dl_
C:\r14817en[1]\disk1\ric63au.dl_
C:\r14817en[1]\disk1\ric63awk.dl_
C:\r14817en[1]\disk1\ric63awu.dl_
C:\r14817en[1]\disk1\ric63ax.dl_
C:\r14817en[1]\disk1\RIC63Ax.ex_
C:\r14817en[1]\disk1\ric63azk.dl_
C:\r14817en[1]\disk1\ric63azu.dl_
C:\r14817en[1]\disk1\TIBase64.dl_
C:\r14817en[1]\disk1\TIFmtA.dl_
C:\r14817en[1]\disk1\TrackID.dl_
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\adssitesuggest.dll
C:\WINDOWS\system32\adssitesuggest_uninstall.exe
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\bbcbjesp.ini
C:\WINDOWS\system32\c3
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcadssuggest.dll
C:\WINDOWS\system32\h1
C:\WINDOWS\system32\m4
C:\WINDOWS\system32\m4\ejup83122.exe
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\urqoppm.dll
C:\WINDOWS\system32\yvooffgr.dll
C:\WINDOWS\system32\yvooffgr.dllbox
C:\x.dat
C:\z.dat
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))
.
2007-11-27 18:17 225,790 --a------ C:\temp\e002A477.exe
2007-11-27 18:16 <DIR> d-------- C:\temp\abW9
2007-11-26 18:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 21:35 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-24 20:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Shared
2007-11-24 20:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Incomplete
2007-11-24 20:06 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\LimeWire
2007-11-21 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2007-11-21 15:54 <DIR> d-------- C:\Program Files\videostudio 11
2007-11-21 12:07 <DIR> d-------- C:\Program Files\DVD Flick
2007-11-21 12:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\DVD Flick
2007-11-20 13:18 1,431,040 --a------ C:\WINDOWS\siemens.scr
2007-11-20 13:18 1,034,368 --a------ C:\WINDOWS\sbb.scr
2007-11-20 13:18 331,552 --a------ C:\WINDOWS\vvs.scr
2007-11-20 13:17 <DIR> d-------- C:\Program Files\Traffic
2007-11-20 13:17 2,342,912 --a------ C:\WINDOWS\Traffic.scr
2007-11-20 13:17 1,163,325 --a------ C:\WINDOWS\system32\cmax20tr.ocx
2007-11-20 13:17 782,400 --a------ C:\WINDOWS\system32\cmax20u.dll
2007-11-20 13:17 327,680 --a------ C:\WINDOWS\TrafScrA.dll
2007-11-16 19:41 <DIR> d-------- C:\Program Files\test
2007-11-16 19:40 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-05 20:21 <DIR> d-------- C:\eredienst hoofddorp
2007-10-31 21:11 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\Apple Computer
2007-10-29 10:49 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-10-29 10:48 <DIR> d-------- C:\Program Files\Common Files\Application
2007-10-29 10:47 <DIR> d-------- C:\Program Files\SPAMfighter
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 07:42 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\OpenOffice.org2
2007-11-28 07:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-27 17:11 --------- d-----w C:\Program Files\AskTBar
2007-11-25 13:40 --------- d-----w C:\Program Files\Elaborate Bytes
2007-11-24 18:41 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\gtk-2.0
2007-11-24 18:39 --------- d-----w C:\Program Files\denemo
2007-11-21 14:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 14:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-11-21 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-21 04:35 --------- d-----w C:\Program Files\Monkey's Audio
2007-11-16 18:55 --------- d-----w C:\Program Files\capella-software
2007-11-14 12:26 --------- d-----w C:\Program Files\Blokker Bestelsoftware
2007-11-14 11:31 --------- d-----w C:\Program Files\Google
2007-11-10 08:36 --------- d-----w C:\Program Files\Tyre
2007-11-08 08:22 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-01 15:48 --------- d-----w C:\Program Files\ACCESS
2007-10-30 13:30 --------- d-----w C:\Program Files\MediaMonkey
2007-10-27 17:27 --------- d-----w C:\Program Files\Blocks 5
2007-10-25 14:02 --------- d-----w C:\Program Files\Easy Album Manager
2007-10-24 10:44 --------- d-----w C:\Program Files\Winamp
2007-10-23 19:26 --------- d-----w C:\Program Files\Burger
2007-10-11 06:21 --------- d-----w C:\Program Files\Java
2007-09-29 09:43 --------- d-----w C:\Program Files\DSC00718_002
2007-09-29 09:42 --------- d-----w C:\Program Files\DSC00718_001
2007-04-19 08:25 99,760 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
2007-04-04 11:28 342 ---ha-w C:\Documents and Settings\Compaq_Eigenaar\hpothb07.dat
2007-04-04 11:28 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-04-12 08:21 8 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\usb.dat.bin
2006-03-14 13:16 0 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\wklnhst.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Program Files\DSC00718_001 ----
2007-09-29 10:42 3713186 --a------ C:\Program Files\DSC00718_001\data\buildinginstruction.html
2007-09-29 10:42 1798 --a------ C:\Program Files\DSC00718_001\index.html
2007-09-29 10:42 1512 --a------ C:\Program Files\DSC00718_001\data\additional.html
---- Directory of C:\Program Files\DSC00718_002 ----
2007-09-29 10:43 5034450 --a------ C:\Program Files\DSC00718_002\data\mosaic.xml
2007-09-29 10:43 4327 --a------ C:\Program Files\DSC00718_002\data\billofmaterial.html
2007-09-29 10:43 3713298 --a------ C:\Program Files\DSC00718_002\data\buildinginstruction.html
2007-09-29 10:43 2287 --a------ C:\Program Files\DSC00718_002\index.html
2007-09-29 10:43 1822 --a------ C:\Program Files\DSC00718_002\data\xml.html
2007-09-29 10:43 1624 --a------ C:\Program Files\DSC00718_002\data\additional.html
((((((((((((((((((((((((((((( snapshot@2007-11-27_18.16.03.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-13 08:18:04 32,768 ----a-w C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe
+ 2007-11-27 17:16:36 36,864 ----a-w C:\WINDOWS\system32\vtutuss.dll
+ 2007-11-28 08:00:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
+ 2007-11-28 08:00:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2CF00CD-5EB9-4C22-A3C4-DF9B71208EA6}]
C:\Program Files\MSN Gaming Zone\qusozyluwC:\WINDOWS\system32\m4\ejup83122.exe.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]
"PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2007-06-18 15:59]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 17:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 15:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 11:52]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-05-11 19:58]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
"ExtraFilmHemmaAgent"="C:\Program Files\Blokker Bestelsoftware\Agent.exe" [2005-05-27 14:59]
"RegistryMechanic"="" []
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 04:54 C:\WINDOWS\RTHDCPL.EXE]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 23:52]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"UVS11 Preload"="C:\Program Files\videostudio 11\uvPL.exe" [2007-04-12 13:23]
C:\Documents and Settings\Compaq_Eigenaar\Menu Start\Programma's\Opstarten\
Microsoft Office Snelzoeken.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-02-12 23:00:00]
Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-02-12 23:00:00]
OpenOffice.org 2.2 .lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-03-14 16:38:42]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-15 06:38:38]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-15 06:38:38]
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 11:44:06]
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2006-07-15 12:50:29]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-01-11 15:06:18]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
PCzapper Media Manager.lnk - C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe [2007-02-16 21:21:44]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32]
R2 MSSQL$PAP;MSSQL$PAP;"C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe" -sPAP
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
S3 SQLAgent$PAP;SQLAgent$PAP;"C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlagent.EXE" -i PAP
S4 CTpvr Recorder;CTpvr Recorder;C:\Program Files\CTpvr\CTpvrRecorder.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 09:00:43
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-11-28 9:03:55 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-27 18:18
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:44, on 28-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Blokker Bestelsoftware\Agent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\phonostar\ps_timer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C2CF00CD-5EB9-4C22-A3C4-DF9B71208EA6} - C:\Program Files\MSN Gaming Zone\qusozyluwC:\WINDOWS\system32\m4\ejup83122.exe.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\videostudio 11\uvPL.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.nl/static/download/pixacodndupload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159039035265
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
–
End of file - 11620 bytes
- By the file below I mean this file: C:\WINDOWS\siemens.scr
Could you have that one scanned at Jotti as well?
Pim
- Result of the scan.
Scan taken on 28 Nov 2007 15:36:00 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
- Start HijackThis, choose 'Do a system scan only' and tick the lines below:
O2 - BHO: (no name) - {C2CF00CD-5EB9-4C22-A3C4-DF9B71208EA6} - C:\Program Files\MSN Gaming Zone\qusozyluwC:\WINDOWS\system32\m4\ejup83122.exe.dll (file missing)
Now close all open windows except HijackThis and click Fix Checked.
Make sure hidden folders and files are shown:
http://users.telenet.be/marcvn/spyware/1117602.htm
Delete the folders below:
C:\Program Files\MSN Gaming Zone\qusozyluw
C:\Program Files\AskTBar
Delete the file below, if present:
C:\WINDOWS\system32\m4\ejup83122.exe.dll
Download ATF Cleaner (by Atribune)
Double-click ATF Cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.
Do the following if you also have Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick from "Firefox saved passwords")
Click the Empty Selected button.
Do the following if you also have Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.
Then post a new HijackThis log and report right away how things are going with your problems.
Pim
- Applied Fix Checked to the specified line.
The folders and files were not present.
Ran ATF.
The HijackThis log is below.
Peace had already returned to my PC yesterday.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:26, on 29-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Blokker Bestelsoftware\Agent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\videostudio 11\uvPL.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.nl/static/download/pixacodndupload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159039035265
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
–
End of file - 11491 bytes