View full version : what is wrong



patrick1964
27 January 2008, 21:19
Hello, I have a problem, as you can find here http://www.minatica.be/showthread.php?t=51527 which is why sykke advised me to make a log. As requested, I am doing so ...
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:56:45, on 27/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\s ystem32\csrss.exeC:\WINDOWS\system32\winlogon.exeC :\WINDOWS\system32\services.exeC:\WINDOWS\system32 \lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOW S\system32\svchost.exeC:\WINDOWS\System32\svchost. exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\syste m32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\W INDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.ex eC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\s ystem32\rundll32.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\ctf mon.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\ Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\G risoft\AVG7\avgemc.exeC:\WINDOWS\system32\svchost. 
exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOW S\system32\svchost.exeC:\WINDOWS\System32\alg.exeC :\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\ service.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = KoppelingenO2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLLO3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLLO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] 
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exeO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialogO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKCU\..\Run: [Netlog 24] C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exeO4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Free WebSite Tools.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: Add to AMV Converter... 
- C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - 
http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exeO20 - AppInit_DLLs: ???u?O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 7779 bytes
Regards, patrick

Rosty
27 January 2008, 21:41
Hi,

your log is badly laid out!! Open Notepad, click "Format" and uncheck "Word Wrap". Run a new scan with HijackThis and post that log.

patrick1964
27 January 2008, 21:52
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:51:32, on 27/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\s ystem32\winlogon.exeC:\WINDOWS\system32\services.e xeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32 \svchost.exeC:\WINDOWS\System32\svchost.exeC:\WIND OWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\ WINDOWS\system32\RunDll32.exeC:\PROGRA~1\Grisoft\A VG7\avgcc.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\s ystem32\rundll32.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\WINDOWS\system32\s ervice.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\ctf mon.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\ PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Gris oft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avge mc.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WIN DOWS\system32\svchost.exeC:\WINDOWS\system32\wuauc lt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\msiexec.e xeC:\WINDOWS\system32\notepad.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = KoppelingenO2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader 
Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLLO3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLLO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialogO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKCU\..\Run: [Netlog 24] C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exeO4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale 
service')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Free WebSite Tools.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dllO9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exeO20 - AppInit_DLLs: ???u?O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 7325 bytes

patrick1964
27 January 2008, 22:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:32, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\service.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Netlog 24] C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O20 - AppInit_DLLs: ???u?
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7325 bytes

Rosty
27 January 2008, 23:03
Hi,

go to Control Panel -- Add or Remove Programs and uninstall: ContextTool

open HijackThis, click do a scan only and tick the following lines:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - AppInit_DLLs: ???u?

Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

* Visit the following page with the instructions for downloading and using Combofix.

http://www.bleepingcomputer.com/combofix/n...ruikt-te-worden (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden)

So carry out the instructions on that page, including installing the XP Recovery Console.
(If you do not have XP, you may skip this step concerning the Recovery Console)

After that, post the Combofix log in your next post together with a new HijackThis log.
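
The following is an added example, not part of Rosty's post: a small Python triage script that parses HijackThis entries, flags the two mechanically recognisable kinds of line selected above (entries ending in "(no file)" and a non-empty AppInit_DLLs value), and checks a follow-up log for flagged entries that are still present. The function names are hypothetical, the sample lines are excerpts copied from the logs posted in this thread, and the ContextTool line is deliberately not covered because it was picked on the helper's knowledge rather than on a pattern.

```python
"""Triage helper for HijackThis logs (added example, not from the thread)."""
import re
from typing import List, NamedTuple, Optional, Tuple

# A HijackThis entry starts with a section code such as R0, O2, O20 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFN][0-4]|O\d{1,2}) - (?P<detail>.*)$")
# Zero-width split point in front of every section code, so a log that was
# pasted without line breaks (as in the first posts of this thread) still parses.
ENTRY_START = re.compile(r"(?=(?:[RFN][0-4]|O\d{1,2}) - )")


class Entry(NamedTuple):
    code: str
    detail: str


def parse_log(text: str) -> List[Entry]:
    """Return every 'CODE - detail' entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        for chunk in ENTRY_START.split(line):
            match = ENTRY_RE.match(chunk.strip())
            if match:
                entries.append(Entry(match["code"], match["detail"]))
    return entries


def review_reason(entry: Entry) -> Optional[str]:
    """Explain why an entry deserves a closer look, or return None."""
    if entry.detail.endswith("(no file)"):
        return "registered component, but HijackThis found no file behind it"
    if entry.code == "O20" and entry.detail.startswith("AppInit_DLLs:"):
        # AppInit_DLLs names DLLs loaded into every process that loads user32.dll.
        value = entry.detail.split(":", 1)[1].strip()
        if value:
            return "AppInit_DLLs is not empty: %r" % value
    return None


def flag(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Pair each entry that needs review with the reason for it."""
    flagged = []
    for entry in entries:
        reason = review_reason(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def unresolved(before: str, after: str) -> List[Entry]:
    """Entries flagged in the first log that still appear in the follow-up log."""
    still_there = set(parse_log(after))
    return [entry for entry, _ in flag(parse_log(before)) if entry in still_there]


# Excerpt of the log posted on 27 January 2008, 22:03 (copied from this thread).
BEFORE = r"""O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - AppInit_DLLs: ???u?
"""

# Excerpt of the follow-up log posted on 28 January 2008 (copied from this thread).
AFTER = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
"""

if __name__ == "__main__":
    for entry, reason in flag(parse_log(BEFORE)):
        print("REVIEW  %s - %s\n        -> %s" % (entry.code, entry.detail, reason))
    for entry in unresolved(BEFORE, AFTER):
        print("STILL PRESENT  %s - %s" % (entry.code, entry.detail))
```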

patrick1964
28 January 2008, 18:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:24, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Netlog 24] C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6771 bytes

patrick1964
28 January 2008, 18:27

patrick1964
28 January 2008, 18:28
As requested, and thanks in advance... Regards, Patrick

patrick1964
28 January 2008, 19:05
Hello,
I just ran a scan for spyware and suddenly everything works again.
Apparently there was an infection after all that wasn't found at first.
I'm still curious what you think.
Regards, Patrick

Rosty
28 January 2008, 19:11
Hi,

Your logs are still not displayed properly!!

Go to http://www.minatica.be/profile.php?do=editoptions --> miscellaneous options -- display mode, and choose Standard editor - extra options there,
then click save changes.

Now please post your logs again.

patrick1964
28 January 2008, 19:58
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:24, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Netlog 24] C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6771 bytes

patrick1964
28 January 2008, 20:07
ComboFix 08-01-28.2 - brigitte 2008-01-28 17:20:01.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.240 [GMT 1:00]
Se ejecuta desde: C:\Documents and Settings\brigitte.THUIS-F87675B9D\Bureaublad\ComboFix.exe

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((( Archivos creados desde 2007-12-28 - 2008-01-28 )))))))))))))))))))))))))))))))))
.

2008-01-27 20:48 . 2008-01-27 20:48 <DIR> d-------- C:\Program Files\Sun
2008-01-27 20:43 . 2008-01-27 20:43 74,745,240 --a------ C:\Program Files\jdk-6u4-windows-i586-p.exe
2008-01-27 20:30 . 2008-01-27 20:30 1,721,043 --a------ C:\Program Files\McafeeRootkitDetective.zip
2008-01-27 20:04 . 2008-01-27 20:04 <DIR> d-------- C:\Program Files\FinalBurner
2008-01-27 20:03 . 2008-01-27 20:03 9,380,925 --a------ C:\Program Files\fb_free.exe
2008-01-27 19:56 . 2008-01-27 19:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-27 19:56 . 2008-01-27 19:56 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-01-27 19:17 . 2008-01-27 19:17 690,136 --a------ C:\Program Files\installer-49784-840-YouTube-Downloader.exe
2008-01-27 18:55 . 2008-01-27 18:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2008-01-27 18:54 . 2008-01-27 18:57 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-27 18:54 . 2008-01-27 18:54 1,579,360 --a------ C:\Program Files\taskmanager17.exe
2008-01-27 18:50 . 2008-01-27 18:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-27 18:44 . 2008-01-27 18:44 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-01-27 18:27 . 2008-01-27 18:27 16,955,400 --a------ C:\Program Files\sdsetup.exe
2008-01-27 17:13 . 2007-05-28 22:05 <DIR> d--h----- C:\Documents and Settings\o\Sjablonen
2008-01-27 17:13 . 2007-05-28 23:54 <DIR> d--h----- C:\Documents and Settings\o\Onlangs geopend
2008-01-27 17:13 . 2007-05-28 23:54 <DIR> d--h----- C:\Documents and Settings\o\Netwerkprinteromgeving
2008-01-27 17:13 . 2007-05-28 23:54 <DIR> d-------- C:\Documents and Settings\o\Mijn documenten
2008-01-27 17:13 . 2007-05-28 23:54 <DIR> dr------- C:\Documents and Settings\o\Menu Start
2008-01-27 17:13 . 2007-12-05 20:00 <DIR> d-------- C:\Documents and Settings\o\Favorieten
2008-01-27 17:13 . 2007-05-28 23:54 <DIR> d-------- C:\Documents and Settings\o\Bureaublad
2008-01-27 16:07 . 2008-01-27 20:28 <DIR> dr-h----- C:\Documents and Settings\brigitte.THUIS-F87675B9D\Onlangs geopend

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 16:21 41,439,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-28 16:16 486,500 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-28 16:06 1,803,253 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-28 15:39 --------- d-----w C:\Documents and Settings\brigitte.THUIS-F87675B9D\Application Data\AVG7
2008-01-27 19:47 --------- d-----w C:\Program Files\Java
2008-01-27 18:22 --------- d-----w C:\Program Files\DivX
2008-01-27 17:45 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-01-27 17:36 12,413,440 ----a-w C:\Program Files\avgas-setup-7.5.1.43.exe
2008-01-27 17:32 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-27 09:23 --------- d-----w C:\Program Files\Google
2008-01-26 14:47 --------- d-----w C:\Documents and Settings\brigitte.THUIS-F87675B9D\Application Data\dvdcss
2008-01-26 12:57 --------- d-----w C:\Documents and Settings\brigitte.THUIS-F87675B9D\Application Data\LimeWire
2008-01-07 14:43 --------- d-----w C:\Documents and Settings\brigitte.THUIS-F87675B9D\Application Data\Ahead
2007-12-27 18:01 --------- d-----w C:\Program Files\Elaborate Bytes
2007-12-26 16:43 --------- d-----w C:\Program Files\ZoneAlarmSB
2007-12-26 16:41 41,724,304 ----a-w C:\Program Files\zlsSetup_70_462_000_en.exe
2007-12-25 15:40 13,338,104 ----a-w C:\Program Files\dvdrippersetup.exe
2007-12-25 15:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Elaborate Bytes
2007-12-25 15:25 5,026,928 ----a-w C:\Program Files\SetupCloneDVD2.exe
2007-12-24 17:30 --------- d-----w C:\Program Files\MP3 Player Utilities 3.11
2007-12-24 17:29 --------- d-----w C:\Program Files\MP3 Player Utilities 4.07
2007-12-24 17:20 --------- d-----w C:\Program Files\MP3 Player Utilities
2007-12-23 15:20 --------- d-----w C:\Documents and Settings\brigitte.THUIS-F87675B9D\Application Data\Ashampoo
2007-12-23 15:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ashampoo
2007-12-23 15:18 10,953,056 ----a-w C:\Program Files\ashampoo_burningstudio650_cnt.exe
2007-12-23 14:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2007-12-20 09:30 1,448,960 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-12-07 18:31 --------- d-----w C:\Program Files\LimeWire
2007-12-07 02:06 347,136 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-07 02:06 1,417,216 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-12-05 18:53 2,635,776 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-11-29 19:00 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-29 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 10:58 --------- d-----w C:\Program Files\CoffeeCup Software
2007-11-29 10:58 --------- d-----w C:\Documents and Settings\brigitte.THUIS-F87675B9D\Application Data\CoffeeCup Software
2007-11-29 10:57 3,742,383 ----a-w C:\Program Files\CoffeeFreeFTPInstaller.exe
2007-11-29 09:44 --------- d-----w C:\Documents and Settings\brigitte.THUIS-F87675B9D\Application Data\Nvu
2007-11-29 08:20 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-11-29 08:19 1,583,131 ----a-w C:\Program Files\diskdefrag_install.exe
2007-11-28 09:56 --------- d-----w C:\Program Files\GRETECH
2007-11-28 09:53 --------- d-----w C:\Documents and Settings\brigitte.THUIS-F87675B9D\Application Data\DivX
2007-11-28 09:50 17,766,840 ----a-w C:\Program Files\DivXInstaller.exe
2007-11-28 08:32 1,683,134 ----a-w C:\Program Files\ALLPlayerV30.exe
2007-11-27 09:02 4,699,736 ----a-w C:\Program Files\GOMPLAYERENSETUP.EXE
2007-11-26 15:34 41,412,496 ----a-w C:\Program Files\zlsSetup_70_408_000_en.exe
2007-11-26 15:13 6,670,952 ----a-w C:\Program Files\zlsSetup_55_062_011.exe
2007-11-26 11:38 523,976 ----a-w C:\Program Files\PopUpStopperFree.exe
2007-11-26 11:04 164 ----a-w C:\install.dat
2007-11-26 09:37 883,152 ----a-w C:\Program Files\Google Updater.exe
2007-11-23 14:20 139,008 ----a-w C:\WINDOWS\system32\guard32.dll
2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 19:07 2,725,528 ----a-w C:\Program Files\ccsetup202.exe
2007-11-02 21:11 3,936,722 ----a-w C:\Program Files\sp25682.exe
2007-11-02 21:10 8,405,962 ----a-w C:\Program Files\sp26041.exe
2007-11-02 21:08 328,167 ----a-w C:\Program Files\sp23160.exe
2007-11-02 21:07 14,249,279 ----a-w C:\Program Files\sp23661.exe
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 19:30 1,206,366 ----a-w C:\Program Files\wrar371.exe
2007-09-03 17:24 17,874,288 ----a-w C:\Program Files\Install_Messenger.exe
2007-07-26 16:20 2,720,456 ----a-w C:\Program Files\ccsetup141.exe
2007-06-27 06:23 25,827,912 ----a-w C:\Program Files\wmp11-windowsxp-x86-nl-nl.exe
2007-06-15 17:57 1,945,800 ----a-w C:\Program Files\PPVIEWER.EXE
2007-06-15 14:31 4,218,092 ----a-w C:\Program Files\LimeWire PRO 4.12.6.zip
2007-06-15 02:48 1,493,863 ----a-w C:\Program Files\ALLPlayer.exe
2007-06-11 07:08 7,840,768 ----a-w C:\Program Files\setup.msi
2007-06-01 17:54 3,098,056 ----a-w C:\Program Files\LimeWireWin.exe
2007-05-29 08:42 2,719,216 ----a-w C:\Program Files\ccsetup140.exe
2007-05-29 08:30 339,257 ----a-w C:\Program Files\CleanUp452.exe
2007-05-29 08:27 4,179,293 ----a-w C:\Program Files\everesthome220.exe
2006-09-04 23:02 21,299,912 ----a-w C:\Program Files\avg75free_463a1000.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-26 17:43 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-26 17:43 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34 1289000]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 10:40 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 08:31 219136]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2007-11-29 11:58:18 372224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [ ]

S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0928e9dd-b244-11dc-adb5-00138fd57e6c}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 17:22:06
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-01-28 17:22:51
ComboFix-quarantined-files.txt 2008-01-28 16:22:48
ComboFix2.txt 2008-01-28 16:12:43
ComboFix3.txt 2008-01-28 16:01:38
.
2008-01-28 15:43:18 --- E O F ---

patrick1964
28 January 2008, 20:07
Hopefully it's right this time :-)

Rosty
28 January 2008, 20:12
Hi,
why didn't you install the Recovery Console??

Otherwise that looks good.
How is everything working now?

patrick1964
28 January 2008, 23:13
Hello,

It was in Spanish or Italian, so I don't know what the Recovery Console was.
My PC is working fine again.
Thank you for your time and effort... Regards, Patrick

Rosty
29 January 2008, 18:44
Hello,

It was in Spanish or Italian, so I don't know what the Recovery Console was.
My PC is working fine again.
Thank you for your time and effort... Regards, Patrick

Hmmmmm, for me it's in Dutch!!

Try this:

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that applies to your operating system.

http://img.photobucket.com/albums/v666/sUBs/KB310994.gif

Download the file and save it under its original name, next to ComboFix.exe.



http://img.photobucket.com/albums/v666/sUBs/rc1.gif


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.