Just a quick (Vista) log out of curiosity.



urbain
18 January 2008, 16:14
So I work with Vista and this is the first time I am posting a log here. Probably nothing is wrong, but I am still curious how the security of the system is doing.
In fact I have not received a single warning or other message yet, which normally means everything is fine, but I still want to find out through this log.
Thanks in advance.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:42, on 18/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
c:\windows\system32\dwm.exe
c:\windows\system32\taskeng.exe
c:\windows\explorer.exe
c:\program files\windows defender\msascui.exe
c:\windows\rthdvcpl.exe
c:\windows\system32\rundll32.exe
c:\program files\tomtom home 2\homerunner.exe
c:\program files\ani\aniwzcs2 service\wzcsldr2.exe
c:\program files\d-link\d-link wireless n dwa-140\airncfg.exe
c:\program files\windows sidebar\sidebar.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\program files\gadwin systems\printscreen\printscreen.exe
c:\windows\ehome\ehtray.exe
c:\program files\picasa2\picasamediadetector.exe
c:\program files\bullguard software\bullguard\bullguard.exe
c:\program files\common files\lightscribe\lightscribecontrolpanel.exe
c:\windows\system32\rundll32.exe
c:\program files\common files\ahead\lib\nmindexstoresvr.exe
c:\program files\supercleaner\supercleaner.exe
c:\program files\windows sidebar\sidebar.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\google\google updater\googleupdater.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\internet explorer\ieuser.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\searchfilterhost.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.1.615.5858\swg.dll
o3 - toolbar: systran web translator 5.0 - {a5899b52-3af9-4f56-85fe-ad7b3be8490f} - c:\program files\systran\5.0\personal\ieplugin.dll
o3 - toolbar: &google - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [rthdvcpl] rthdvcpl.exe
o4 - hklm\..\run: [skytel] skytel.exe
o4 - hklm\..\run: [nvsvc] rundll32.exe c:\windows\system32\nvsvc.dll,nvsvcstart
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hklm\..\run: [nerofiltercheck] c:\program files\common files\ahead\lib\nerocheck.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [brmfcwnd] c:\program files\brother\brmfcmon\brmfcwnd.exe /autorun
o4 - hklm\..\run: [controlcenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
o4 - hklm\..\run: [bullguard] c:\program files\bullguard software\bullguard\bullguard.exe -boot
o4 - hklm\..\run: [tomtomhome.exe] c:\program files\tomtom home 2\homerunner.exe -s
o4 - hklm\..\run: [msconfig] c:\windows\system32\msconfig.exe /auto
o4 - hklm\..\run: [aniwzcs2service] c:\program files\ani\aniwzcs2 service\wzcsldr2.exe
o4 - hklm\..\run: [d-link d-link wireless n dwa-140] c:\program files\d-link\d-link wireless n dwa-140\airncfg.exe
o4 - hkcu\..\run: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
o4 - hkcu\..\run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] c:\program files\common files\ahead\lib\nmbgmonitor.exe
o4 - hkcu\..\run: [gadwin printscreen 3.5] c:\program files\gadwin systems\printscreen\printscreen.exe /nosplash
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [picasa media detector] c:\program files\picasa2\picasamediadetector
o4 - hkcu\..\run: [bullguard] c:\program files\bullguard software\bullguard\bullguard.exe
o4 - hkcu\..\run: [lightscribe control panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [supercleaner] c:\program files\supercleaner\supercleaner.exe /h/b
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkcu\..\run: [tracks eraser pro] c:\program files\acesoft\tracks eraser pro\te.exe min
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - global startup: google updater.lnk = c:\program files\google\google updater\googleupdater.exe
o8 - extra context menu item: diaryone: save full text - c:\program files\diaryone\script\fullcatcher.htm
o8 - extra context menu item: diaryone: save selected text - c:\program files\diaryone\script\catcher.htm
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search & destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o13 - gopher prefix:
o16 - dpf: {02bf25d5-8c17-4b23-bc80-d3488abddc6b} (quicktime object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/quicktime/qtactivex/qtplugin.cab
o16 - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} (divxbrowserplugin object) - http://download.divx.com/player/divxbrowserplugin.cab
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} (java runtime environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
o23 - service: bullguard liveupdate (bglivesvc) - bullguard software - c:\program files\bullguard software\bullguard\bullguardupdate.exe
o23 - service: firebird server - magix instance (firebirdservermagixinstance) - magix® - c:\program files\magix\common\database\bin\fbserver.exe
o23 - service: google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\ahead\lib\nmindexingservice.exe
o23 - service: protexislicensing - unknown owner - c:\windows\system32\psiservice.exe
o23 - service: sisoftware database agent service (sandradatasrv) - sisoftware - c:\program files\sisoftware\sisoftware sandra lite xi.sp1a\win32\rpcdatasrv.exe
o23 - service: sisoftware sandra agent service (sandrathesrv) - sisoftware - c:\program files\sisoftware\sisoftware sandra lite xi.sp1a\rpcsandrasrv.exe
o23 - service: upnpservice - magix ag - c:\program files\common files\magix shared\upnpservice\upnpservice.exe
--
end of file - 8893 bytes

Rosty
19 January 2008, 10:40
Hoi,

could you post a normal log, so without all those colours!! This is very hard to analyse. --> http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

urbain
19 January 2008, 11:04
sorry, I thought the colours were handy for analysing.
Here is another log; in the meantime I have picked up a virus while downloading a program, and now I cannot remove the program in question because I do not have the rights to do so.
I have already run System Restore and that produced no results, so the program is still there.
So only I have rights on my PC and nobody else, yet I have lost those rights to remove the program (and the hidden virus).
The virus goes by the name Packer.PE spin.A.
At the moment everything is being scanned and I will probably be offered a solution; if not, I will end up here again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:09, on 19/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SuperCleaner\SuperCleaner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\BullGuard Software\BullGuard\BGScan.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 9044 bytes

Rosty
19 January 2008, 12:05
Hi urbain,

are you logged in as administrator? That is needed to remove/change things in Vista.

Open HijackThis, click Do a system scan only and tick the following lines:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components Combofix uses as suspicious and will block or delete them!

Double-click Combofix.exe
Follow the instructions, accept the disclaimer by typing 1 (continue) followed by ENTER.
While the fix is running, do NOT click in the window, because that will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next reply together with a new HijackThis log.
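The lines Rosty singles out (empty R0 values and a BHO registered as "(no file)") are the classic things a helper looks for in a HijackThis log. As an added example, not code from this thread or from Trend Micro, here is a small Python triage script that scans HijackThis-style output for those orphaned and empty entries plus three other patterns that deserve a second look: O4 autorun commands whose unquoted image path contains spaces (ambiguous for CreateProcess if an attacker can write to an intermediate directory), O4 entries that are only a bare executable name resolved through the search path, O16 ActiveX downloads over plain HTTP, and O23 services whose publisher is reported as "Unknown owner". The sample lines are copied from the log posted earlier in this thread; a flag only means "look at this", not that the entry is malicious.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re

# Sample lines copied from the HijackThis log posted above (constructed subset).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
"""

# "O4 - <hive\..\Run>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executable token of an unquoted command: everything up to the first ".exe".
EXE_RE = re.compile(r"^(?P<exe>.*?\.exe)", re.IGNORECASE)


def check_o4(cmd):
    """Return a reason if an autorun command line deserves a look, else None."""
    if cmd.startswith('"'):
        return None  # quoted image path: unambiguous for CreateProcess
    m = EXE_RE.match(cmd)
    exe = m.group("exe") if m else cmd  # no ".exe" at all: judge the whole line
    if " " in exe:
        return "unquoted image path containing spaces"
    if "\\" not in exe:
        return "bare executable name, resolved through the search path"
    return None


def check_o23(rest):
    """rest is the text after 'O23 - Service: '; split from the right so that
    a display name containing ' - ' (e.g. the MAGIX Firebird instance) parses."""
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return "could not parse service line"
    name, vendor, _path = parts
    if vendor.strip().lower() == "unknown owner":
        return f"service '{name}' publisher reported as 'Unknown owner'"
    return None


def triage(log_text):
    """Return a list of (reason, line) pairs for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reason = None
        o4 = O4_RE.match(line)
        if line.startswith(("R0 - ", "R1 - ")) and line.endswith("="):
            reason = "empty browser setting value"
        elif line.startswith(("O2 - ", "O3 - ", "O9 - ")) and line.endswith("(no file)"):
            reason = "orphaned entry: registered component has no file on disk"
        elif o4:
            reason = check_o4(o4.group("cmd"))
        elif line.startswith("O16 - DPF:") and " - http://" in line:
            reason = "ActiveX control (DPF) fetched over plain HTTP"
        elif line.startswith("O23 - Service: "):
            reason = check_o23(line[len("O23 - Service: "):])
        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Call triage() on the text of a saved log to get the same list for a real machine; the checks are deliberately conservative and will flag legitimate vendor entries (such as the Brother and NVIDIA lines above), so the output is a reading list for the helper, not a removal list.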

urbain
19 January 2008, 13:04
Here is the result of combofix, and below it hijackthis.
When I start the PC no welcome screen appears, so I cannot choose which rights I will have; in my opinion I am administrator, but I am not sure.


ComboFix 08-01-18.5 - Gebruiker 2008-01-19 11:52:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.999 [GMT 1:00]
Started from: C:\Users\Gebruiker\Desktop\ComboFix.exe
* A new restore point was created
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
(((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))
.
2008-01-19 11:51 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-18 15:05 . 2008-01-18 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 21:09 . 2008-01-17 13:23 88 -r-hs---- C:\Windows\System32\D9D8A27311.sys
2008-01-13 00:18 . 2008-01-13 00:18 <DIR> d-------- C:\Windows\Corel
2008-01-13 00:18 . 2008-01-13 00:18 <DIR> d-------- C:\Program Files\KnockOut 2
2008-01-13 00:15 . 2008-01-17 12:54 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Ashampoo Photo Commander 4
2008-01-12 22:52 . 2008-01-12 22:52 <DIR> d-------- C:\Windows\Profiles
2008-01-12 22:52 . 2008-01-12 22:52 <DIR> d-------- C:\Program Files\Prismatic Software
2008-01-12 22:52 . 2008-01-12 22:52 40,960 --a------ C:\Windows\DelPiv.exe
2008-01-12 22:50 . 2008-01-12 22:50 <DIR> d-------- C:\Program Files\VisiPics
2008-01-12 22:46 . 2008-01-12 22:46 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Obsidium
2008-01-12 22:46 . 2008-01-12 22:46 <DIR> d-------- C:\Program Files\ImageComparer
2008-01-11 17:33 . 2008-01-11 17:33 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Auslogics
2008-01-11 17:33 . 2008-01-11 17:33 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2008-01-10 15:40 . 2008-01-10 15:41 <DIR> d-------- C:\Program Files\RGBmachine 3.7
2008-01-10 11:02 . 2008-01-10 11:02 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 11:02 . 2008-01-10 11:02 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 11:02 . 2008-01-10 11:02 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 11:02 . 2008-01-10 11:02 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 11:02 . 2008-01-10 11:02 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 11:01 . 2008-01-10 11:01 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 11:01 . 2008-01-10 11:01 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-10 11:01 . 2008-01-10 11:01 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-10 11:01 . 2008-01-10 11:01 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-10 11:01 . 2008-01-10 11:01 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-10 11:01 . 2008-01-10 11:01 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-10 11:01 . 2008-01-10 11:01 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-10 11:01 . 2008-01-10 11:01 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-10 11:01 . 2008-01-10 11:01 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-10 11:00 . 2008-01-10 11:00 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-10 01:29 . 2008-01-18 20:25 <DIR> d-------- C:\Program Files\Acesoft
2008-01-10 01:29 . 2007-01-23 00:43 277,504 --a------ C:\Windows\System32\oestore.dll
2008-01-10 01:29 . 2004-03-09 00:00 224,016 --a------ C:\Windows\System32\TabCtl32.ocx
2008-01-10 01:29 . 2004-03-09 00:00 132,880 --a------ C:\Windows\System32\msinet.ocx
2008-01-09 03:03 . 2008-01-09 03:03 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\PCF-VLC
2008-01-07 21:47 . 2008-01-09 02:36 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\GrabIt
2008-01-06 14:07 . 2008-01-06 14:07 <DIR> d-------- C:\Program Files\GrabIt
2008-01-04 02:05 . 2008-01-04 02:05 <DIR> d-------- C:\Program Files\PureImage
2008-01-03 00:31 . 2008-01-03 00:31 <DIR> d-------- C:\Windows\MSSecurityNS
2008-01-03 00:31 . 2008-01-03 00:31 <DIR> d-------- C:\Windows\MSSecurityNi
2008-01-02 23:23 . 2008-01-02 23:25 <DIR> d-------- C:\Program Files\Greeting Card Studio
2008-01-02 22:31 . 2008-01-02 22:39 <DIR> d-------- C:\Program Files\AIMP2
2008-01-02 22:14 . 2008-01-02 22:21 <DIR> d-------- C:\Program Files\Masc software
2008-01-02 22:13 . 2008-01-02 22:21 <DIR> d-------- C:\Program Files\MASC Software BV
2008-01-02 21:16 . 2008-01-02 21:37 <DIR> d-------- C:\Program Files\MemoriesOnTV3
2008-01-02 21:16 . 2006-10-02 12:38 10,368 --a------ C:\Windows\System32\drivers\pfc.sys
2007-12-30 13:26 . 2007-12-30 13:30 <DIR> d-------- C:\Program Files\SuperCleaner
2007-12-30 00:18 . 2007-12-30 00:18 <DIR> d-------- C:\Program Files\Winspy
2007-12-30 00:18 . 2001-04-10 00:04 7,380 --a------ C:\Windows\System32\winspy.tlb
2007-12-25 20:54 . 2008-01-13 00:19 291 --a------ C:\Windows\PowerReg.dat
2007-12-25 16:01 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2007-12-24 20:03 . 2007-12-24 20:03 <DIR> d-------- C:\Program Files\Teorex
2007-12-22 12:39 . 2007-12-22 12:51 <DIR> d-------- C:\Program Files\PhotoMix
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 10:43 --------- d-----w C:\ProgramData\BullGuard
2008-01-19 08:44 --------- d-----w C:\ProgramData\Google Updater
2008-01-18 19:25 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\BullGuard
2008-01-17 21:19 --------- d-----w C:\Program Files\Microsoft Works
2008-01-17 21:19 --------- d-----w C:\Program Files\Directory Lister
2008-01-17 21:14 --------- d-----w C:\Program Files\WashAndGo
2008-01-17 12:29 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-17 12:23 10,852 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-01-16 23:20 --------- d---a-w C:\ProgramData\TEMP
2008-01-13 20:13 --------- d-----w C:\ProgramData\Corel
2008-01-13 20:09 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel
2008-01-11 12:17 --------- d-----w C:\ProgramData\MAGIX
2008-01-11 12:17 --------- d-----w C:\Program Files\MAGIX
2008-01-10 10:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 10:05 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 10:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 10:01 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 10:01 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 10:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-08 11:38 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-06 21:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 21:18 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-25 11:22 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso
2007-12-24 16:41 --------- d-----w C:\Program Files\DivX
2007-12-17 23:24 --------- d-----w C:\Program Files\DiaryOne
2007-12-16 11:21 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Yahoo!
2007-12-15 22:59 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\ACD Systems
2007-12-15 22:04 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Ashampoo Photo Commander 5
2007-12-15 15:37 --------- d-----w C:\ProgramData\Genie-Soft
2007-12-15 15:36 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Genie-Soft
2007-12-14 19:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\dvdcss
2007-12-14 18:53 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\DivX
2007-12-14 12:29 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2007-12-13 02:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 02:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 02:03 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 02:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 02:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 02:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 02:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-12 12:01 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\MAGIX
2007-12-12 10:12 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2007-12-12 09:35 --------- d-----w C:\Program Files\Brother
2007-12-12 08:38 --------- d-----w C:\Program Files\NT Registry Optimizer
2007-12-11 23:14 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2007-12-11 22:34 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-12-11 11:07 --------- d-----w C:\Program Files\ANI
2007-12-11 11:06 --------- d-----w C:\Program Files\D-Link
2007-12-08 16:00 --------- d-----w C:\ProgramData\ashampoo
2007-12-06 20:22 --------- d-----w C:\Program Files\Diashow pro
2007-12-04 18:38 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-12-04 18:38 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-12-04 18:36 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-04 18:36 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-04 18:36 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-04 18:36 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-04 18:36 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-04 18:36 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-04 18:36 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-04 18:36 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-04 18:36 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-04 18:36 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-04 18:36 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-04 18:36 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-12-04 18:35 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-12-04 18:35 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-12-03 20:06 --------- d-----w C:\Program Files\NCH Software
2007-12-03 19:52 --------- d-----w C:\Program Files\VSO
2007-12-03 18:40 --------- d-----w C:\ProgramData\Office Genuine Advantage
2007-12-02 13:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\VERITAS
2007-11-29 09:57 --------- d-----w C:\Program Files\xp-AntiSpy
2007-11-28 16:28 --------- d-----w C:\Program Files\Profile Picture Genius
2007-11-27 14:58 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Participatory Culture Foundation
2007-11-27 14:45 --------- d-----w C:\Program Files\Google
2007-11-22 20:49 --------- d-----w C:\ProgramData\Skype
2007-11-22 19:41 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\skypePM
2007-11-21 22:23 --------- d-----w C:\ProgramData\ESTsoft
2007-11-21 22:23 --------- d-----w C:\Program Files\ESTsoft
2007-11-21 09:48 --------- d-----w C:\Program Files\Photo Combiner
2007-11-20 13:26 499,712 ----a-w C:\Windows\System32\msvcp71.dll
2007-11-20 11:45 --------- d-----w C:\Program Files\Newzie
2007-11-19 19:50 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-19 19:50 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-19 18:39 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Hemera
2007-11-19 18:39 --------- d-----w C:\Program Files\Easy Computing
2007-11-19 18:30 --------- d-----w C:\Program Files\Common Files\Easy Computing Shared
2007-11-19 18:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-18 10:38 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 09:41 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 09:41 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 09:41 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 09:41 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 09:41 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-09-19 23:09 8 --sh--r C:\Windows\System32\B2B425D033.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 11:00 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05 143360]
"Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 09:57 1101824]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [ ]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2007-10-21 23:33 308552]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 15:45 68856]
"SuperCleaner"="C:\Program Files\SuperCleaner\SuperCleaner.exe" [2007-12-30 13:26 565248]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Tracks Eraser Pro"="C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" [2007-11-22 13:22 1335296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-19 11:28 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 12:04 4423680 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-16 08:06 1822720 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 14:29 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2007-10-21 23:33 308552]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 18:29 1388544]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-27 15:45:25]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2007-10-21 23:33]
R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-04-12 08:29]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-04-18 07:44]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\rt2870.sys [2007-03-13 05:35]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 KMWDFILTER;HIDUASDesc;C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2007-04-29 16:58]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
rsmsvcs REG_MULTI_SZ ntmssvc
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724aa651-66c6-11dc-b374-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun\Autorun.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 11:54:43
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-01-19 11:55:35
.
2008-01-19 08:45:48 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:29, on 19/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SuperCleaner\SuperCleaner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 8677 bytes

Rosty
19 January 2008, 13:16
That looks fine.
Any more problems?

urbain
19 January 2008, 13:48
Since I had to stop my virus scanner to be able to remove the flagged entries in HijackThis, I had to do this again.
The result so far is one virus found; now I have to wait and see whether it can actually be removed.
If not, I have to send a report (this happens automatically) to the makers of the virus scanner, and within 48 hours I get an expert explanation; it's in English, but it is readable.
My scanner is BullGuard and I am satisfied with it.
Now, coming back to the rights I should have ...... I don't get to choose: my PC starts up and that's it. Normally you would first see a screen to log on, but I believe that when I bought the PC I told the sellers that I am the only one who works on the PC, and they probably disabled the welcome screen so that I am always administrator.
The thing is, this way I actually never know whether I have the rights, so I also don't know whether everything is still running normally.
How can I see, once the PC has started, whether I have all the rights?????
Do you happen to know?

Rosty
19 January 2008, 15:04
Hi,

Go to Control Panel - User Accounts.
This gives an overview of the existing accounts and states what kind of user each one is.
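The Control Panel view answers which account type you have, but on Vista there is a second question hiding behind it: even an Administrators-group member normally runs with a UAC-filtered (Medium integrity) token, and only gets the full token after an elevation prompt. The script below is an added example, not something posted in this thread or shipped with any of the tools in the log; it assumes a Vista-era machine with PowerShell 2.0 and the built-in whoami.exe, and it reports both group membership and actual elevation of the current session.

```powershell
# Added example (not from the thread): show whether the logged-on account is in the local
# Administrators group and whether the current process token is actually elevated (Vista UAC).
# Assumes PowerShell 2.0 or later and the built-in whoami.exe.

function Get-AdminStatus {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    # whoami /groups lists every group SID in the token, including groups that UAC has marked
    # "used for deny only"; SIDs are language-neutral, unlike the attribute text, so match on them.
    $groupLines = whoami /groups

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $inAdminGroup = [bool]($groupLines | Where-Object { $_ -match 'S-1-5-32-544' })

    # IsInRole honours UAC filtering: it is only true when the process runs with the full token.
    $elevated = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # Integrity level SIDs: S-1-16-12288 = High (elevated), S-1-16-8192 = Medium (filtered/standard).
    $highIntegrity = [bool]($groupLines | Where-Object { $_ -match 'S-1-16-12288' })

    New-Object PSObject -Property @{
        User          = $identity.Name
        InAdminGroup  = $inAdminGroup
        Elevated      = $elevated
        HighIntegrity = $highIntegrity
        # Member of Administrators but not elevated: this is the normal UAC-protected state.
        TokenFiltered = ($inAdminGroup -and -not $elevated)
    }
}

Get-AdminStatus | Format-List User, InAdminGroup, Elevated, HighIntegrity, TokenFiltered
```

Run it once from a normal PowerShell window and once from one started with "Run as administrator": on a healthy Vista setup the first shows InAdminGroup true, Elevated false and TokenFiltered true, while the second shows Elevated and HighIntegrity true. If a plain window already reports Elevated true, UAC has been switched off and every program starts with full rights, which is the situation the original poster was worried about.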

urbain
19 January 2008, 17:24
OK, thanks, I am administrator.