View full version: Spyware check



trebor
31 October 2007, 16:37
Hello,
I regularly get pages that open by themselves, even when the internet (Mozilla) is not open.
E.g.: http://legitonlinejobs2.blogspot.com/ and http://search-engine-optimization2.blogspot.com/
Super AntiSpyware also regularly warns that the Google start page is being changed to www.alpha.net/xl2/hp.asp (I then block this).
That is why I am posting a HijackThis log here for review.
Regards, Trebor
Logfile of HijackThis v1.99.1
Scan saved at 15:36:02, on 31/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\alads.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\alads.exe
C:\WINDOWS\alads.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Software\Spyware\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Systemic] C:\WINDOWS\alads.exe
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192015446687
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

Juisterr
31 October 2007, 19:37
Please run 2 small tools.


Download this file:
Deljob.exe (http://home.hetnet.nl/~stefsmeenk/tools/deljob.exe)
Put it on your desktop.
If your virus scanner blocks the download of deljob.exe,
temporarily disable your virus scanner or download the zip version
deljob.zip (http://members.lycos.nl/deljob/deljob.zip)
and extract it to your desktop.
Double-click Deljob.exe.
A log (logit.txt) will open; you can also find the file on your desktop.
Post the contents of logit.txt in your next message.

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.

Double-click Combofix.exe
Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix has finished and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.

NOTE: If your virus scanner reacts while downloading or using Combofix, you may ignore this.

trebor
31 October 2007, 19:56
Juisterr,
I have run both programs.

deljob log
--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

Advanced WindowsCare V2 Pro.job
AwcProUpdate.job
--------------------------------------------------------
App data folders

Het volume in station C heeft geen naam.
Het volumenummer is 98D5-48EC

Map van C:\Documents and Settings\Trebor\Application Data

31/10/2007 12:23 <DIR> .
31/10/2007 12:23 <DIR> ..
12/10/2007 11:09 <DIR> Adobe
10/10/2007 14:34 <DIR> Ahead
31/10/2007 12:23 <DIR> ArcSoft
30/10/2007 13:52 <DIR> Azureus
29/10/2007 15:54 <DIR> Canon
29/10/2007 12:49 <DIR> F-Secure
21/10/2007 15:44 <DIR> Help
10/10/2007 10:55 <DIR> IDENTI~1 Identities
19/10/2007 14:42 <DIR> INSTAL~1 InstallShield
10/10/2007 14:00 <DIR> MACROM~1 Macromedia
15/10/2007 13:14 <DIR> MICROS~1 Microsoft
10/10/2007 12:59 <DIR> Mozilla
10/10/2007 17:20 <DIR> PCTOOL~1 PC Tools
29/10/2007 15:53 <DIR> ScanSoft
13/10/2007 15:27 <DIR> SITEAD~1 SiteAdvisor
10/10/2007 13:32 <DIR> SlySoft
24/10/2007 15:39 <DIR> SPAMFI~1 SPAMfighter
21/10/2007 16:41 <DIR> Sun
29/10/2007 13:01 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
10/10/2007 13:36 <DIR> URSoft
0 bestand(en) 0 bytes
22 map(pen) 71.201.042.432 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is 98D5-48EC

Map van C:\Documents and Settings\All Users\Application Data

29/10/2007 15:53 <DIR> .
29/10/2007 15:53 <DIR> ..
10/10/2007 12:32 <DIR> Adobe
10/10/2007 13:43 <DIR> Azureus
12/10/2007 11:56 <DIR> CanonBJ
10/10/2007 17:50 <DIR> Grisoft
29/10/2007 15:53 <DIR> INSTAL~1 InstallShield
10/10/2007 12:34 <DIR> Lavasoft
13/10/2007 15:27 <DIR> McAfee
21/10/2007 15:21 <DIR> MICROS~1 Microsoft
10/10/2007 13:02 <DIR> Nero
10/10/2007 14:25 <DIR> NVIDIA
31/10/2007 11:48 <DIR> RFA_BA~1 RFA_Backups
29/10/2007 15:52 <DIR> ScanSoft
13/10/2007 15:27 <DIR> SITEAD~1 SiteAdvisor
31/10/2007 12:18 <DIR> SPYBOT~1 Spybot - Search & Destroy
29/10/2007 13:01 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
31/10/2007 12:30 <DIR> TEMP
10/10/2007 11:31 <DIR> WINDOW~1 Windows Genuine Advantage
0 bestand(en) 0 bytes
19 map(pen) 71.201.042.432 bytes beschikbaar
--------------------------------------------------------
ComboFix log

ComboFix 07-10-29.1 - Trebor 2007-10-31 18:43:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1200 [GMT 1:00]
Gestart vanuit: D:\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\nvrssk.dll
C:\WINDOWS\system32\nvrssl.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))
.

2007-10-31 12:23 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\ArcSoft
2007-10-31 12:22 38,480 --------- C:\WINDOWS\system32\IJRMF.exe
2007-10-31 11:50 <DIR> d-------- C:\Program Files\ING
2007-10-30 13:51 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-29 15:54 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Canon
2007-10-29 15:53 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\ScanSoft
2007-10-29 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-29 15:52 <DIR> d-------- C:\Program Files\ScanSoft
2007-10-29 15:52 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-10-29 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-10-29 15:51 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-10-29 15:49 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-10-29 15:48 <DIR> d--h----- C:\Program Files\CanonBJ
2007-10-29 15:46 <DIR> d-------- C:\Program Files\Canon
2007-10-29 15:07 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-29 14:59 <DIR> dr-h----- C:\Documents and Settings\Trebor\Onlangs geopend
2007-10-29 13:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-29 13:01 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SUPERAntiSpyware.com
2007-10-29 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 12:56 <DIR> d-------- C:\PC-Checkup
2007-10-29 12:49 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\F-Secure
2007-10-28 17:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-24 15:39 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SPAMfighter
2007-10-24 15:38 <DIR> d-------- C:\Program Files\SPAMfighter
2007-10-24 15:38 <DIR> d-------- C:\Program Files\Common Files\Application
2007-10-24 15:38 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-10-24 15:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-21 16:41 <DIR> d-------- C:\WINDOWS\Sun
2007-10-21 15:08 1,045,776 --a------ C:\WINDOWS\system32\msjet35.dll
2007-10-21 15:08 803,680 --a------ C:\WINDOWS\system32\Axdist.exe
2007-10-21 15:08 407,312 --a------ C:\WINDOWS\system32\msrepl35.dll
2007-10-21 15:08 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-21 15:08 287,504 --a------ C:\WINDOWS\system32\msxbse35.dll
2007-10-21 15:08 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-10-21 15:08 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll
2007-10-21 15:08 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-10-21 15:08 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-10-21 15:07 308,224 --a------ C:\WINDOWS\IsUn0413.exe
2007-10-19 14:43 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-19 14:42 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\InstallShield
2007-10-19 13:08 2,069 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2007-10-19 12:49 2,218 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
2007-10-19 11:11 <DIR> d-------- C:\Program Files\FLVPlayer
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SiteAdvisor
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-12 12:27 <DIR> d-------- C:\Program Files\PowerISO
2007-10-12 11:56 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-12 11:56 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2007-10-12 11:32 <DIR> d-------- C:\Program Files\IObit
2007-10-12 11:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-10-12 10:41 2,181 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
2007-10-12 10:40 <DIR> d-------- C:\Program Files\Illustrate
2007-10-12 10:40 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-12 10:40 36,604 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-10-12 08:42 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-10 17:59 <DIR> d-------- C:\Program Files\FireTune
2007-10-10 17:59 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-10 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 17:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 17:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-10 17:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-10 17:20 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\PC Tools
2007-10-10 17:20 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-10 17:20 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-10 17:20 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-10 17:20 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-10 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-10 14:21 <DIR> d-------- C:\WINDOWS\nview
2007-10-10 14:21 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-10-10 14:21 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-10 14:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-10 14:00 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-10 13:51 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-10-10 13:43 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Azureus
2007-10-10 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-10 13:42 <DIR> d-------- C:\Program Files\Azureus
2007-10-10 13:36 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2007-10-10 13:36 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\URSoft
2007-10-10 13:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-10 13:34 <DIR> d-------- C:\Program Files\Telemeter 3.0
2007-10-10 13:32 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SlySoft
2007-10-10 13:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-10 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 13:19 <DIR> d-------- C:\Program Files\SlySoft
2007-10-10 13:18 <DIR> d-------- C:\Program Files\SCREEN2EXE
2007-10-10 13:15 <DIR> d-------- C:\Program Files\Kristanix
2007-10-10 13:14 <DIR> d-------- C:\Program Files\RFA Platinum
2007-10-10 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RFA_Backups
2007-10-10 13:12 <DIR> d-------- C:\Program Files\Gadwin Systems
2007-10-10 13:09 <DIR> d-------- C:\Program Files\inKline Global
2007-10-10 13:03 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Ahead
2007-10-10 13:02 <DIR> d-------- C:\Program Files\Nero
2007-10-10 13:02 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-10 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-10 11:53 <DIR> d-------- C:\Program Files\Java
2007-10-10 11:53 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-10 11:52 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-10 11:51 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-10 11:51 <DIR> d-------- C:\Program Files\Microsoft.NET

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 12:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 11:53 --------- d-----w C:\Program Files\Google
2007-10-10 11:52 --------- d-----w C:\Program Files\CCleaner
2007-10-10 11:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-10 11:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-10 11:34 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-10 11:32 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 11:18 --------- d-----w C:\Program Files\Gabest
2007-10-10 11:17 --------- d-----w C:\Program Files\Xvid
2007-10-10 11:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-10 09:52 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-08 15:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 17:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 17:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-27 14:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 14:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 07:27 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-15 23:38]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 C:\WINDOWS\system32\nvmctray.dll]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-29 09:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-10 17:48]
"Advanced WindowsCare V2 Pro"="C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" [2006-12-24 11:55]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\PCBooster.exe" [2006-07-12 13:59]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"Systemic"="C:\WINDOWS\alads.exe" [2007-09-15 00:29]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 13:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 21:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Trebor\Application Data\Microsoft\cfgmgr.vbs
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-31 15:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
"2007-10-31 13:00:18 C:\WINDOWS\Tasks\AwcProUpdate.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 18:48:09
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-10-31 18:49:23 - machine was rebooted
.
--- E O F ---
Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 18:54:36, on 31/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\alads.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Software\Spyware\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Systemic] C:\WINDOWS\alads.exe
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192015446687
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

Regards, Trebor

Juisterr
31 October 2007, 20:50
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"


Click 'Fix checked' to remove the items.



Open Explorer ("My Computer") and choose Tools -> Folder Options...
Under View, check the following settings:

Turn off: Hide protected operating system files (recommended)
Turn off: Hide extensions for known file types

Select: Display the contents of system folders (XP only)
Select: Show hidden files and folders

Delete the following directories:
C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\

Then run ComboFix once more and post the ComboFix log together with a new HJT log.

Also let us know how things are going now.
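
An added example, not part of the original post: a Python check that the entries selected for 'Fix checked' no longer appear in the follow-up HijackThis log. The follow-up log here is constructed for illustration, and the comparison ignores whitespace because forum software inserts spaces into long log lines.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O23, ...)
# followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<detail>.*)$")

# The two items named in the post above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
"""

# Constructed follow-up log (assumption, not from the thread): the R0 entry
# is gone, the O4 entry is still present and contains a forum-inserted
# space ("Applic ation").
FOLLOW_UP_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Applic ation Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""


def canonical(text):
    """Case-fold and drop all whitespace so that spaces inserted by forum
    software (e.g. 'Curr entVersion') do not break the comparison."""
    return re.sub(r"\s+", "", text).casefold()


def parse_entries(log_text):
    """Return (code, detail) tuples for every entry line in a HijackThis log.
    Header lines and the process list do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("detail").strip()))
    return entries


def remaining_items(fix_list, new_log):
    """Return the fix-list lines that still appear in the follow-up log.

    An item matches a log entry when the section codes are equal and the
    entry's canonical detail starts with the item's canonical detail.
    Prefix matching covers items quoted without a value, such as
    'Local Page ='.
    """
    log_entries = [(code, canonical(detail))
                   for code, detail in parse_entries(new_log)]
    still_there = []
    for code, detail in parse_entries(fix_list):
        wanted = canonical(detail)
        if any(c == code and d.startswith(wanted) for c, d in log_entries):
            still_there.append(f"{code} - {detail}")
    return still_there


if __name__ == "__main__":
    leftovers = remaining_items(FIX_LIST, FOLLOW_UP_LOG)
    if leftovers:
        print("Still present after 'Fix checked':")
        for item in leftovers:
            print("  " + item)
    else:
        print("All selected items are gone from the follow-up log.")
```
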

trebor
31 October 2007, 21:21
Juisterr,

The folder C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\ was already visible in Program Files without showing hidden folders, but I could not delete it. I then booted the PC in safe mode, and now I was able to delete the folder.
ComboFix log
ComboFix 07-10-29.1 - Trebor 2007-10-31 20:12:42.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1377 [GMT 1:00]
Gestart vanuit: D:\Software\Spyware\combofix\combofix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))
.

2007-10-31 20:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2007-10-31 20:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2007-10-31 20:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2007-10-31 20:06 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2007-10-31 20:06 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-31 20:06 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2007-10-31 20:06 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2007-10-31 12:23 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\ArcSoft
2007-10-31 12:22 38,480 --------- C:\WINDOWS\system32\IJRMF.exe
2007-10-31 11:50 <DIR> d-------- C:\Program Files\ING
2007-10-30 13:51 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-29 15:54 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Canon
2007-10-29 15:53 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\ScanSoft
2007-10-29 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-29 15:52 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-10-29 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-10-29 15:51 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-10-29 15:49 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-10-29 15:48 <DIR> d--h----- C:\Program Files\CanonBJ
2007-10-29 15:46 <DIR> d-------- C:\Program Files\Canon
2007-10-29 15:07 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-29 14:59 <DIR> dr-h----- C:\Documents and Settings\Trebor\Onlangs geopend
2007-10-29 13:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-29 13:01 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SUPERAntiSpyware.com
2007-10-29 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 12:56 <DIR> d-------- C:\PC-Checkup
2007-10-29 12:49 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\F-Secure
2007-10-28 17:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-24 15:39 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SPAMfighter
2007-10-24 15:38 <DIR> d-------- C:\Program Files\SPAMfighter
2007-10-24 15:38 <DIR> d-------- C:\Program Files\Common Files\Application
2007-10-24 15:38 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-10-24 15:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-21 16:41 <DIR> d-------- C:\WINDOWS\Sun
2007-10-21 15:08 1,045,776 --a------ C:\WINDOWS\system32\msjet35.dll
2007-10-21 15:08 803,680 --a------ C:\WINDOWS\system32\Axdist.exe
2007-10-21 15:08 407,312 --a------ C:\WINDOWS\system32\msrepl35.dll
2007-10-21 15:08 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-21 15:08 287,504 --a------ C:\WINDOWS\system32\msxbse35.dll
2007-10-21 15:08 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-10-21 15:08 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll
2007-10-21 15:08 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-10-21 15:08 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-10-21 15:07 308,224 --a------ C:\WINDOWS\IsUn0413.exe
2007-10-19 14:43 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-19 14:42 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\InstallShield
2007-10-19 13:08 2,069 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2007-10-19 12:49 2,218 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
2007-10-19 11:11 <DIR> d-------- C:\Program Files\FLVPlayer
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SiteAdvisor
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-12 12:27 <DIR> d-------- C:\Program Files\PowerISO
2007-10-12 11:56 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-12 11:56 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2007-10-12 11:32 <DIR> d-------- C:\Program Files\IObit
2007-10-12 11:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-10-12 10:41 2,181 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
2007-10-12 10:40 <DIR> d-------- C:\Program Files\Illustrate
2007-10-12 10:40 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-12 10:40 36,604 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-10-12 08:42 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-10 17:59 <DIR> d-------- C:\Program Files\FireTune
2007-10-10 17:59 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-10 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 17:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 17:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-10 17:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-10 17:20 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\PC Tools
2007-10-10 17:20 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-10 17:20 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-10 17:20 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-10 17:20 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-10 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-10 14:21 <DIR> d-------- C:\WINDOWS\nview
2007-10-10 14:21 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-10-10 14:21 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-10 14:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-10 14:00 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-10 13:51 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-10-10 13:43 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Azureus
2007-10-10 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-10 13:42 <DIR> d-------- C:\Program Files\Azureus
2007-10-10 13:36 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2007-10-10 13:36 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\URSoft
2007-10-10 13:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-10 13:34 <DIR> d-------- C:\Program Files\Telemeter 3.0
2007-10-10 13:32 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SlySoft
2007-10-10 13:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-10 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 13:19 <DIR> d-------- C:\Program Files\SlySoft
2007-10-10 13:18 <DIR> d-------- C:\Program Files\SCREEN2EXE
2007-10-10 13:15 <DIR> d-------- C:\Program Files\Kristanix
2007-10-10 13:14 <DIR> d-------- C:\Program Files\RFA Platinum
2007-10-10 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RFA_Backups
2007-10-10 13:12 <DIR> d-------- C:\Program Files\Gadwin Systems
2007-10-10 13:09 <DIR> d-------- C:\Program Files\inKline Global
2007-10-10 13:03 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Ahead
2007-10-10 13:02 <DIR> d-------- C:\Program Files\Nero
2007-10-10 13:02 <DIR> d-------- C:\Program Files\Common Files\Ahead

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 12:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 11:53 --------- d-----w C:\Program Files\Google
2007-10-10 11:52 --------- d-----w C:\Program Files\CCleaner
2007-10-10 11:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-10 11:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-10 11:34 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-10 11:32 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 11:18 --------- d-----w C:\Program Files\Gabest
2007-10-10 11:17 --------- d-----w C:\Program Files\Xvid
2007-10-10 11:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-10 09:52 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-08 15:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 17:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 17:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-27 14:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 14:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-31_18.48.35.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-31 19:09:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_564.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 07:27 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-15 23:38]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 C:\WINDOWS\system32\nvmctray.dll]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-29 09:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-10 17:48]
"Advanced WindowsCare V2 Pro"="C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" [2006-12-24 11:55]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\PCBooster.exe" [2006-07-12 13:59]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" []
"Systemic"="C:\WINDOWS\alads.exe" [2007-09-15 00:29]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 13:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 21:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Trebor\Application Data\Microsoft\cfgmgr.vbs
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-31 15:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
"2007-10-31 13:00:18 C:\WINDOWS\Tasks\AwcProUpdate.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 20:14:38
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-10-31 20:15:17
.
--- E O F ---
Hijack log
ComboFix 07-10-29.1 - Trebor 2007-10-31 20:12:42.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1377 [GMT 1:00]
Gestart vanuit: D:\Software\Spyware\combofix\combofix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))
.

2007-10-31 20:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2007-10-31 20:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2007-10-31 20:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2007-10-31 20:06 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2007-10-31 20:06 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-31 20:06 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2007-10-31 20:06 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2007-10-31 12:23 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\ArcSoft
2007-10-31 12:22 38,480 --------- C:\WINDOWS\system32\IJRMF.exe
2007-10-31 11:50 <DIR> d-------- C:\Program Files\ING
2007-10-30 13:51 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-29 15:54 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Canon
2007-10-29 15:53 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\ScanSoft
2007-10-29 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-29 15:52 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-10-29 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-10-29 15:51 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-10-29 15:49 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-10-29 15:48 <DIR> d--h----- C:\Program Files\CanonBJ
2007-10-29 15:46 <DIR> d-------- C:\Program Files\Canon
2007-10-29 15:07 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-29 14:59 <DIR> dr-h----- C:\Documents and Settings\Trebor\Onlangs geopend
2007-10-29 13:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-29 13:01 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SUPERAntiSpyware.com
2007-10-29 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 12:56 <DIR> d-------- C:\PC-Checkup
2007-10-29 12:49 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\F-Secure
2007-10-28 17:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-24 15:39 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SPAMfighter
2007-10-24 15:38 <DIR> d-------- C:\Program Files\SPAMfighter
2007-10-24 15:38 <DIR> d-------- C:\Program Files\Common Files\Application
2007-10-24 15:38 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-10-24 15:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-21 16:41 <DIR> d-------- C:\WINDOWS\Sun
2007-10-21 15:08 1,045,776 --a------ C:\WINDOWS\system32\msjet35.dll
2007-10-21 15:08 803,680 --a------ C:\WINDOWS\system32\Axdist.exe
2007-10-21 15:08 407,312 --a------ C:\WINDOWS\system32\msrepl35.dll
2007-10-21 15:08 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-21 15:08 287,504 --a------ C:\WINDOWS\system32\msxbse35.dll
2007-10-21 15:08 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-10-21 15:08 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll
2007-10-21 15:08 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-10-21 15:08 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-10-21 15:07 308,224 --a------ C:\WINDOWS\IsUn0413.exe
2007-10-19 14:43 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-19 14:42 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\InstallShield
2007-10-19 13:08 2,069 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2007-10-19 12:49 2,218 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
2007-10-19 11:11 <DIR> d-------- C:\Program Files\FLVPlayer
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SiteAdvisor
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-13 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-12 12:27 <DIR> d-------- C:\Program Files\PowerISO
2007-10-12 11:56 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-12 11:56 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2007-10-12 11:32 <DIR> d-------- C:\Program Files\IObit
2007-10-12 11:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-10-12 10:41 2,181 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
2007-10-12 10:40 <DIR> d-------- C:\Program Files\Illustrate
2007-10-12 10:40 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-12 10:40 36,604 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-10-12 08:42 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-10 17:59 <DIR> d-------- C:\Program Files\FireTune
2007-10-10 17:59 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-10 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 17:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 17:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-10 17:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-10 17:20 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\PC Tools
2007-10-10 17:20 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-10 17:20 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-10 17:20 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-10 17:20 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-10 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-10 14:21 <DIR> d-------- C:\WINDOWS\nview
2007-10-10 14:21 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-10-10 14:21 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-10 14:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-10 14:00 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-10 13:51 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-10-10 13:43 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Azureus
2007-10-10 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-10 13:42 <DIR> d-------- C:\Program Files\Azureus
2007-10-10 13:36 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2007-10-10 13:36 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\URSoft
2007-10-10 13:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-10 13:34 <DIR> d-------- C:\Program Files\Telemeter 3.0
2007-10-10 13:32 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\SlySoft
2007-10-10 13:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-10 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 13:19 <DIR> d-------- C:\Program Files\SlySoft
2007-10-10 13:18 <DIR> d-------- C:\Program Files\SCREEN2EXE
2007-10-10 13:15 <DIR> d-------- C:\Program Files\Kristanix
2007-10-10 13:14 <DIR> d-------- C:\Program Files\RFA Platinum
2007-10-10 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RFA_Backups
2007-10-10 13:12 <DIR> d-------- C:\Program Files\Gadwin Systems
2007-10-10 13:09 <DIR> d-------- C:\Program Files\inKline Global
2007-10-10 13:03 <DIR> d-------- C:\Documents and Settings\Trebor\Application Data\Ahead
2007-10-10 13:02 <DIR> d-------- C:\Program Files\Nero
2007-10-10 13:02 <DIR> d-------- C:\Program Files\Common Files\Ahead

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-29 12:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 11:53 --------- d-----w C:\Program Files\Google
2007-10-10 11:52 --------- d-----w C:\Program Files\CCleaner
2007-10-10 11:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-10 11:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-10 11:34 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-10 11:32 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 11:18 --------- d-----w C:\Program Files\Gabest
2007-10-10 11:17 --------- d-----w C:\Program Files\Xvid
2007-10-10 11:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-10 09:52 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-08 15:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 17:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 17:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-27 14:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 14:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-31_18.48.35.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-31 19:09:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_564.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 07:27 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-15 23:38]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 C:\WINDOWS\system32\nvmctray.dll]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-29 09:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-10 17:48]
"Advanced WindowsCare V2 Pro"="C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" [2006-12-24 11:55]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\PCBooster.exe" [2006-07-12 13:59]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" []
"Systemic"="C:\WINDOWS\alads.exe" [2007-09-15 00:29]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 13:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 21:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice"

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Trebor\Application Data\Microsoft\cfgmgr.vbs
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-31 15:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
"2007-10-31 13:00:18 C:\WINDOWS\Tasks\AwcProUpdate.job"
.
************************************************** ************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 20:14:38
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
Voltooingstijd: 2007-10-31 20:15:17
.
--- E O F ---

Regards, Trebor

trebor
1 November 2007, 10:57
Juisterr,
Sorry, I posted the ComboFix log twice.
Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:34, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\alads.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
D:\Software\Spyware\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Systemic] C:\WINDOWS\alads.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192015446687
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

Regards, Trebor

trebor
1 November 2007, 12:10
Juisterr,

The Internet still starts up by itself; I then get the http://affiliate-project-x2.blogspot.com/ page.

Super AntiSpyware also still regularly warns that the Google start page is being changed to www.alpha.net/xl2/hp.asp (I then block this).

Regards, Trebor

Juisterr
1 November 2007, 13:57
Let's see whether that can be fixed.


Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe)
Save the file to your desktop, then double-click it.
You can let the program extract to your desktop.
Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
A small window will open, in which a few lines about files not found will scroll by quickly; this is normal.
An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
After that your PC will restart; after the restart the RVAXO window opens again.
Let it run and wait until a log file opens.
It can also be found here: C:\RVAXO-results.log
Post the contents in your next message together with a new HijackThis log.

Did your PC not restart?

Run RVAXO once more and then post the new log: C:\rvaxo-results.log

trebor
1 November 2007, 14:10
Juisterr,

Ran RVAXO
RVAXO log
----------------RVAXO.exe first run-------------

Files found:


Uninstallers Rogue scanners:


Folders Found:


Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------

Hijack log
Logfile of HijackThis v1.99.1
Scan saved at 13:09:45, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\alads.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Software\Spyware\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Systemic] C:\WINDOWS\alads.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192015446687
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

Trebor

Juisterr
1 November 2007, 14:19
Please make a new HJT log with this version.

And how many users (accounts) do you have on this PC?

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

trebor
1 November 2007, 14:26
Juisterr,

I have only 1 account (Trebor)

Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:10, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\alads.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Systemic] C:\WINDOWS\alads.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192015446687
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 7799 bytes

Trebor

trebor
7 November 2007, 12:32
Juisterr,

I still have the same problem.
And now my PC regularly restarts by itself (even when I'm not doing anything on my PC).
I'm thinking of doing a Format C.

Regards, Trebor

Juisterr
7 November 2007, 16:03
Strange, though: there is nothing to be seen in the log that could cause that. Maybe some hardware is broken?

trebor
7 November 2007, 17:31
Juisterr,
these are the sites I get automatically and the start page that gets changed (see attachments)
Trebor

trebor
15 November 2007, 14:00
Juisterr,

Thanks for the effort, but I still had the same problems and just did a Format C.

Trebor :good:

Juisterr
18 November 2007, 17:27
OK, that sometimes works best, unfortunately.

Too bad I couldn't find it.