Pagina 1 van 2 12 LaatsteLaatste
Weergegeven resultaten: 1 t/m 10 van 19
  1. #1
    Expert  
    Geregistreerd
    2 August 2005
    Berichten
    497
    Bedankjes
    102
    Bedankt
    44 keer in 40 posts

    Weer verdachte programma's en foutmeldingen

    Ik wou een tijdje geleden Firefox installeren. Ik downloadde de installer vanaf de officiele website, maar kreeg de melding dat het "corrupt" was.
    Ook startte ik een paar dagen geleden mijn pc op en kreeg ik een melding van SpyVampire dat hij 24 besmette bestandjes had gevonden.
    Ik vond dit zeer verdacht omdat: 1) ik SpyVampire nooit geïnstalleerd heb en
    2) hij niet eens heeft moeten scannen om tot de conclusie te komen dat hij 24 fouten vond.
    Ik heb dan eens gegoogled en mijn vermoeden dat SpyVampire zelf spyware was werd bevestigd.
    Alsof dat nog niet genoeg is, wou ik ook eens opzoeken wanneer mijn broer zijn vlucht van China geland was op Charles de Gaulle en via Google kwam ik toen op een totaal andere site uit terwijl de beschrijving van Google nochtans duidelijk zei dat het de officiele site van Charles de Gaulle was.

    In ieder geval, hier is het logje:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:29:52, on 1/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTSvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\mshelp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HJT.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir..._PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Help Process for Win32 Services] mshelp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dmmjv.exe] C:\WINDOWS\system32\dmmjv.exe
    O4 - HKLM\..\RunServices: [Microsoft Help Process for Win32 Services] mshelp.exe
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103146054046
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{070C0291-3F0A-4D4C-B383-68EC3E75EF44}: NameServer = 85.255.114.3,85.255.112.127
    O17 - HKLM\System\CCS\Services\Tcpip\..\{60A48A5C-0583-401A-BF60-C91BD1060C14}: NameServer = 85.255.114.3,85.255.112.127
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2FBA02E-941A-4270-953B-54E83F5CC07A}: NameServer = 85.255.114.3,85.255.112.127
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4A90F0A-78A3-450B-A883-5FAD9CBEE661}: NameServer = 85.255.114.3,85.255.112.127
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B476F764-BD59-4865-A9AA-4F41EAF01C87}: NameServer = 85.255.114.3,85.255.112.127
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{070C0291-3F0A-4D4C-B383-68EC3E75EF44}: NameServer = 85.255.114.3,85.255.112.127
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmyly.exe

    Ik heb zelf al gescand in veilige modus met Ad-Aware (die om de een of andere reden niet fatsoenlijk kon updaten), AVG Anti-Spyware en Spybot S&D. Alle 3 vonden ze SpyVampire en hebben ze hem kunnen verwijderen.

  2. #2
    Expert  
    Geregistreerd
    22 February 2007
    Locatie
    Wijk bij Duurstede
    Berichten
    678
    Bedankjes
    39
    Bedankt
    101 keer in 99 posts
    Ik ga even kijken voor je!

  3. #3
    Expert  
    Geregistreerd
    22 February 2007
    Locatie
    Wijk bij Duurstede
    Berichten
    678
    Bedankjes
    39
    Bedankt
    101 keer in 99 posts
    Hoi Martijn VDD,

    Download de WareOutfix van één van deze twee site's:
    • http://downloads.subratam.org/Fixwareout.exe
      http://www.bleepingcomputer.com/file...Fixwareout.exe

      Sla het op op je Bureaublad en laat het runnen.
      Klik dan op Next, dan op Install,
      wees zeker dat Run fixit is aangevinkt en klik op Finish.
      De fix zal beginnen; volg de instructies die je krijgt.
      Er zal gevraagd worden of je je pc wilt herstarten; doe dit ook.
      Je computer zal nu wat trager opstarten, dit is normaal.

      Zodra je Bureaublad geladen is, zal een tekstbestand openen (report.txt).

    1. Open HijackThis
    2. Klik op 'Config'
    3. Klik op 'Misc Tools'
    4. Zet een vinkje in 'List also minor sections (full)'
    5. Klik op 'Generate StartupList log'
    6. Klik op 'Ja' om de log te maken
    7. Het StartupList log wordt nu weergegeven in je kladblok.
    8. Druk (op je toetsenbord) achtereenvolgens op ctrl+a en ctrl+c om de gehele tekst te selecteren.
    9. Plaats het log hier dmv toetsen ctrl+v

    Plaats nu het logje van Wareoutfix, de Hijackthis startup log en een vers Hijackthis logje in je volgende bericht.

    Succes

    Pim

  4. #4
    Expert  
    Geregistreerd
    2 August 2005
    Berichten
    497
    Bedankjes
    102
    Bedankt
    44 keer in 40 posts
    Ziezo:

    Username "Rita" - 2007-08-02 14:24:56 [Fixwareout edited 2007/07/05]
    »»»»»Prerun check
    HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmmjv"
    Service: "Windows Management Service" = C:\WINDOWS\System32\dmyly.exe
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{070C0291-3F0A-4D4C-B383-68EC3E75EF44}
    "nameserver"="85.255.114.3,85.255.112.127" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{60A48A5C-0583-401A-BF60-C91BD1060C14}
    "nameserver"="85.255.114.3,85.255.112.127" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{A2FBA02E-941A-4270-953B-54E83F5CC07A}
    "nameserver"="85.255.114.3,85.255.112.127" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{A4A90F0A-78A3-450B-A883-5FAD9CBEE661}
    "nameserver"="85.255.114.3,85.255.112.127" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{B476F764-BD59-4865-A9AA-4F41EAF01C87}
    "nameserver"="85.255.114.3,85.255.112.127" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{60A48A5C-0583-401A-BF60-C91BD1060C14}
    "DhcpNameServer"="85.255.114.3,85.255.112.127" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{A2FBA02E-941A-4270-953B-54E83F5CC07A}
    "DhcpNameServer"="85.255.114.3,85.255.112.127" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{A4A90F0A-78A3-450B-A883-5FAD9CBEE661}
    "DhcpNameServer"="85.255.114.3,85.255.112.127" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{C34F31C8-B701-45BD-B398-4486D8AF6742}
    "DhcpNameServer"="85.255.114.3,85.255.112.127" <Value cleared.
    De DNS-omzettingscache is leeggemaakt.

    System was rebooted successfully.

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Url s "1mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Url s "3mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}5EEF5BA99F47-2E1B-8864-BC20-25DE2DF2{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}33C25F52C507-E34A-91E4-A192-479D652F{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "ixgmd" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}BEBA0400F299-C26A-80C4-07A8-0DD31795{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}14461BADDB50-ED4A-8614-F979-2601002B{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}D2891E102503-485A-C704-FAAB-598A67B0{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}CAA14C26899E-C61A-07D4-0F27-C71DCE40{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}F831138AA7A6-063A-8ED4-3AFF-45803F9C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "vjmmd" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "nvpmd" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "ylymd" Deleted
    ....
    »»»»» Misc files.
    C:\Program Files\SpyVampire Deleted
    C:\WINDOWS\system32\{B073E352-A997-4548-BBB0-0A80DB5558AC}.exe Deleted
    C:\WINDOWS\System32\kernel32.exe Deleted
    ....
    »»»»» Checking for older varients.
    ....
    »»»»» Other
    C:\WINDOWS\temp\dmyly.ren 62984 04/08/2004
    »»»»» Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w 32x86\\3\\hpztsb04.exe"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "Logitech Hardware Abstraction Layer"="\"C:\\Program Files\\Common Files\\Logitech\\KhalShared\\KHALMNPR.EXE\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck. exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "TomTomHOME.exe"="\"C:\\Program Files\\TomTom HOME\\TomTomHOME.exe\" -s"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "Microsoft Help Process for Win32 Services"="mshelp.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc. exe /STARTUP"
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72, 6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b ,00
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Popup Ad Filter"="C:\\Program Files\\Meaya\\Popup Ad Filter\\PopFilter.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
    "WhatPulse"="C:\\PROGRA~1\\WHATPU~1\\WHATPU~1. EXE"
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»

    StartupList report, 2/08/2007, 19:27:20
    StartupList version: 1.52.2
    Started from : C:\HijackThis\HJT.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTSvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\mshelp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HJT.exe
    --------------------------------------------------
    Listing of startup folders:
    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
    BTTray.lnk = ?
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
    LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
    Logitech Hardware Abstraction Layer = "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
    (Default) =
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
    Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    TomTomHOME.exe = "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    Microsoft Help Process for Win32 Services = mshelp.exe
    AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
    Microsoft Help Process for Win32 Services = mshelp.exe
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Popup Ad Filter = C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    WhatPulse = C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    [optionalcomponents]
    =
    --------------------------------------------------
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------

    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    AppleSoftwareUpdate.job
    RegistrySmart Scheduled Scan.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}]
    CODEBASE = http://www.musicnotes.com/download/mnviewer.cab
    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/pub...irector/sw.cab
    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/pub...irector/sw.cab
    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://v5.windowsupdate.microsoft.co...?1103146054046
    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab
    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.co...072.5027662037
    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
    CODEBASE = http://messenger.zone.msn.com/binary...t.cab56907.cab
    [Minesweeper Flags Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
    CODEBASE = http://messenger.zone.msn.com/binary...r.cab56986.cab
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run
    ltwob = C:\WINDOWS\system32\formatsys.exe
    serpe = C:\WINDOWS\system32\formatsys.exe
    --------------------------------------------------
    End of report, 8.608 bytes
    Report generated in 0,063 seconds
    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

  5. #5
    Expert  
    Geregistreerd
    22 February 2007
    Locatie
    Wijk bij Duurstede
    Berichten
    678
    Bedankjes
    39
    Bedankt
    101 keer in 99 posts
    Hoi martijn,

    Mag ik nog even een nieuw Hijackthis logje van je?

    Pim

  6. #6
    Expert  
    Geregistreerd
    2 August 2005
    Berichten
    497
    Bedankjes
    102
    Bedankt
    44 keer in 40 posts
    Vergeten. ^^

    Logfile of HijackThis v1.99.1
    Scan saved at 9:19:20, on 3/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\CTSvcCDA.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\mshelp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\HijackThis\HJT.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir..._PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Help Process for Win32 Services] mshelp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunServices: [Microsoft Help Process for Win32 Services] mshelp.exe
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103146054046
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  7. #7
    Expert  
    Geregistreerd
    22 February 2007
    Locatie
    Wijk bij Duurstede
    Berichten
    678
    Bedankjes
    39
    Bedankt
    101 keer in 99 posts
    Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    Sluit nu alle openstaande vensters, behalve Hijackthis en klik op Fix Checked.

    Download Combofix naar je bureaublad

    Dubbelklik op combofix.exe
    Volg de instructies, aanvaard de disclaimer door y of Y te typen.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen. Bewaar dit logje.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

    Post het logje van Combofix tesamen met een nieuw Hijackthis logje in je volgende bericht.

    Succes

    Pim
    Laatst gewijzigd door DJ Inpossible; 4 August 2007 om 11:59

  8. #8
    Expert  
    Geregistreerd
    2 August 2005
    Berichten
    497
    Bedankjes
    102
    Bedankt
    44 keer in 40 posts
    Ziezo:

    ComboFix 07-08-04.3 - "Rita" 2007-08-04 14:35:01.1 [GMT 2:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.Waar
    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\88996661.exe
    C:\Program Files\Common Files\companion wizard
    C:\Program Files\Common Files\companion wizard\compwiz.exe
    C:\WINDOWS\system32\_002995_.tmp.dll
    C:\WINDOWS\system32\_002998_.tmp.dll
    C:\WINDOWS\system32\_003001_.tmp.dll
    C:\WINDOWS\system32\_003172_.tmp.dll
    C:\WINDOWS\system32\_003174_.tmp.dll
    C:\WINDOWS\system32\_003175_.tmp.dll
    C:\WINDOWS\system32\_003178_.tmp.dll
    C:\WINDOWS\system32\_003179_.tmp.dll
    C:\WINDOWS\system32\_003181_.tmp.dll
    C:\WINDOWS\system32\_003182_.tmp.dll
    C:\WINDOWS\system32\_003183_.tmp.dll
    C:\WINDOWS\system32\_003185_.tmp.dll
    C:\WINDOWS\system32\_003186_.tmp.dll
    C:\WINDOWS\system32\_003188_.tmp.dll
    C:\WINDOWS\system32\_003192_.tmp.dll
    C:\WINDOWS\system32\_003193_.tmp.dll
    C:\WINDOWS\system32\_003195_.tmp.dll
    C:\WINDOWS\system32\_003196_.tmp.dll
    C:\WINDOWS\system32\_003198_.tmp.dll
    C:\WINDOWS\system32\_003200_.tmp.dll
    C:\WINDOWS\system32\_003204_.tmp.dll
    C:\WINDOWS\system32\_003207_.tmp.dll
    C:\WINDOWS\system32\_003209_.tmp.dll
    C:\WINDOWS\system32\_003210_.tmp.dll
    C:\WINDOWS\system32\_003211_.tmp.dll
    C:\WINDOWS\system32\_003215_.tmp.dll
    C:\WINDOWS\system32\stera.log

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_FOPN

    ((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))

    2007-08-04 14:34 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-02 21:39 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
    2007-08-02 21:39 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-08-02 21:39 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
    2007-08-02 21:39 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-08-02 21:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
    2007-08-02 21:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
    2007-08-02 21:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
    2007-08-02 21:39 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-08-02 21:39 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-08-02 21:39 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-08-02 21:39 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
    2007-08-02 21:39 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-07-29 11:24 <DIR> dr-h----- C:\DOCUME~1\Rita\Onlangs geopend
    2007-07-24 16:21 <DIR> d-------- C:\Program Files\iPod
    2007-07-24 16:17 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-07-24 16:16 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-24 16:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-19 15:18 <DIR> d-------- C:\Program Files\NEXON
    2007-07-14 11:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    2007-07-12 18:47 <DIR> d-------- C:\DOCUME~1\Rita\APPLIC~1\Sibelius Software

    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    2007-07-24 16:21 --------- d-------- C:\Program Files\iTunes
    2007-07-24 16:19 --------- d-------- C:\Program Files\QuickTime
    2007-07-21 13:07 --------- d-------- C:\Program Files\Common Files\NSV
    2007-07-17 11:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-17 11:00 --------- d-------- C:\Program Files\GPotato
    2007-07-17 10:53 --------- d-------- C:\Program Files\EA GAMES
    2007-07-13 19:09 81146 --a------ C:\WINDOWS\system32\perfc013.dat
    2007-07-13 19:09 465612 --a------ C:\WINDOWS\system32\perfh013.dat
    2007-06-19 20:11 --------- d-------- C:\Program Files\MSN Messenger
    2007-06-19 15:21 --------- d-------- C:\Program Files\BitComet
    2007-06-19 12:07 --------- d-------- C:\Program Files\LimeWire
    2007-06-14 19:43 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2007-06-07 17:38 --------- d-------- C:\Program Files\TomTom HOME
    2007-06-03 11:02 9983 --a------ C:\dnsbak.reg
    2007-05-16 17:19 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 17:19 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 17:19 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 17:19 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 17:19 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 17:19 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-04 14:54 3079680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll
    2006-12-17 10:16:21 80 --sh--r C:\WINDOWS\system32\B2EFB72D14.dll
    2007-01-20 14:50:34 152 --sh--r C:\WINDOWS\system32\B2EFB72D14.sys
    2007-01-20 14:50:35 4,288 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb04.exe" [2001-12-20 00:29]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00]
    "Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-05-10 09:48]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19]
    "nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe " [2001-07-09 11:50]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Microsoft Help Process for Win32 Services"="mshelp.exe" [2007-03-07 18:10 C:\WINDOWS\system32\mshelp.exe]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-09 13:42]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Popup Ad Filter"="C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe" [2001-05-21 03:32]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL, NvTaskbarInit" []
    "WhatPulse"="C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE " [2004-12-05 12:20]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\runservices]
    "Microsoft Help Process for Win32 Services"=mshelp.exe
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-05 22:35:36]
    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)
    "NoColorChoice"=0 (0x0)
    "NoSizeChoice"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "NoVisualStyleChoice"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)
    "NoActiveDesktopChanges"=0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
    "NoSaveSettings"=0 (0x0)
    "NoThemesTab"=0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\Run]
    "ltwob"=C:\WINDOWS\system32\formatsys.exe
    "serpe"=C:\WINDOWS\system32\formatsys.exe
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
    "Notification Packages"= scecli scecli
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ARTEC ScanEZ.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ARTEC ScanEZ.lnk
    backup=C:\WINDOWS\pss\ARTEC ScanEZ.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rita^Menu Start^Programma's^Opstarten^Morpheus.lnk]
    path=C:\Documents and Settings\Rita\Menu Start\Programma's\Opstarten\Morpheus.lnk
    backup=C:\WINDOWS\pss\Morpheus.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rita^Menu Start^Programma's^Opstarten^TomTom HOME.lnk]
    path=C:\Documents and Settings\Rita\Menu Start\Programma's\Opstarten\TomTom HOME.lnk
    backup=C:\WINDOWS\pss\TomTom HOME.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rita^Menu Start^Programma's^Opstarten^Xfire.lnk]
    path=C:\Documents and Settings\Rita\Menu Start\Programma's\Opstarten\Xfire.lnk
    backup=C:\WINDOWS\pss\Xfire.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    "C:\Program Files\BearShare\BearShare.exe" /pause
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    Mixer.exe /startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
    C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
    R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
    R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
    R0 sbp2port;SBP-2 Transport/Protocol-busstuurprogramma;C:\WINDOWS\system32\DRIVERS\sbp2 port.sys
    R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
    R1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.s ys
    R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepK E.sys
    R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
    R3 ham50;Creatix V.90 HAM Data Fax Modem;C:\WINDOWS\system32\DRIVERS\CTXH51.sys
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART-stuurprogramma;C:\WINDOWS\system32\drivers\msmpu40 1.sys
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL2 1.sys
    R3 sbpci;SB PCI Family Audio Driver (WDM);C:\WINDOWS\system32\drivers\sbpci.sys
    S3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
    S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\Ea gleNT.sys
    S3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys
    S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\Drivers\L8042Kbd.sys
    S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\Drivers\L8042mou.sys
    S3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\Drivers\LMouKE.sys
    S3 Mkd2kfNt;Mkd2kfNt;C:\WINDOWS\system32\drivers\Mkd2 kfNt.sys
    S3 Mkd2Usbf;Mkd2Usbf;C:\WINDOWS\system32\drivers\Mkd2 Usbf.sys
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tieh dusb.sys
    S3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys

    Contents of the 'Scheduled Tasks' folder
    2007-07-27 20:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-05-02 13:21:27 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job - C:\Program Files\RegistrySmart\RegistrySmart.exe
    ************************************************** ************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-04 14:39:45
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden registry entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    ************************************************** ************************
    Completion time: 2007-08-04 14:42:08 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-04 14:41
    C:\ComboFix2.txt ... 2006-11-25 09:17
    --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 14:43:16, on 4/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTSvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\mshelp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HJT.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Help Process for Win32 Services] mshelp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunServices: [Microsoft Help Process for Win32 Services] mshelp.exe
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103146054046
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  9. #9
    Expert  
    Geregistreerd
    22 February 2007
    Locatie
    Wijk bij Duurstede
    Berichten
    678
    Bedankjes
    39
    Bedankt
    101 keer in 99 posts
    Download SDFix naar je Bureaublad.

    Dubbelklik om te openen, selecteer alle bestanden en pak ze uit naar een eigen map met de naam SDFix.
    Start je computer op in veilige modus.
    Open de map SDfix en dubbelklik op runthis.bat om de tool te starten.
    Computer laten herstarten wanneer dit gevraagd wordt.
    SDfix loopt verder en opent na afloop een rapportje!
    Post dit rapport in je volgende antwoord.

    Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\Run]
    "ltwob"=""
    "serpe"=""

    Sla dit op op je Bureaublad als CFScript.txt

    Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



    Dit zal ComboFix doen herstarten.
    Start opnieuw op als daarom gevraagd wordt,
    en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

    Pim

  10. #10
    Expert  
    Geregistreerd
    2 August 2005
    Berichten
    497
    Bedankjes
    102
    Bedankt
    44 keer in 40 posts
    Ik krijg hetvolgende als ik SDFix.zip wil downloaden:

    Multiple Choices

    The document name you requested (/RemovalTools/SDFix.zip) could not be found on this server. However, we found documents with names similar to the one you requested.

    Available documents:
    Please consider informing the owner of the referring page about the broken link.
    Ik heb SDFix.exe eens gedownload om te proberen en dan krijg ik hetvolgende:

    Please install to the default location by clicking Install The SDFix Folder will be extracted to %systemdrive% \ (Drive that contains the Windows directory - typically 'C:\SDFix') Open the SDFix folder in Safe Mode then double click the RunThis.bat file to start the fixtool. If run in Normal Mode, options to download and run Anti-Virus command line scanners are displayed.
    Catchme.exe Userland Rootkit Detector by GMER is also included in the SDFix folder
    Het is dus een programma om iets te installeren.
    Laatst gewijzigd door MartijnVDD; 5 August 2007 om 15:05

Discussie informatie

Users Browsing this Thread

Momenteel bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)

Soortgelijke discussies

  1. Verdachte e-mail...
    Door MartijnVDD in forum HijackThis
    Reacties: 7
    Laatste bericht: 28 February 2007, 22:30
  2. Verdachte scripts
    Door crash in forum Webdevelopment & Programming
    Reacties: 7
    Laatste bericht: 4 January 2007, 13:17
  3. Handige site voor verdachte bestanden
    Door Orion in forum Malware
    Reacties: 7
    Laatste bericht: 15 November 2005, 20:55
  4. verdachte bestanden verwijderen
    Door whoopie in forum Malware
    Reacties: 7
    Laatste bericht: 3 November 2005, 12:41

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •