Lobeda
Posted - 14 Sep 2009 : 15:20:22
Below is a log from a PC that I have tried to clean with, among others, Ad-Aware, Malwarebytes and RegSeeker. A lot has already been removed; now I would like to have this log checked, please. Also, I think there are a number of things that could be disabled at startup, but which ones? Google also starts up very slowly, but once it is started it runs normally. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:51, on 14/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\windows\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\gebruiker 1\Mijn documenten\WILLY\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?9de329d36ab44138b33169d3854a709f
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?9de329d36ab44138b33169d3854a709f
O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.kranske.be/images/IM000764.JPG
-- End of file - 7893 bytes
5 latest replies (newest first)

Eric U
Posted - 22 Sep 2009 : 20:08:38
I don't like registry cleaners.
Download Dial-a-fix and extract both files into their own folder on your Desktop. In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe. In the window that opens, click the icon with the double green checkmark (check all) at the bottom. Then click "GO" and let the tool reset all settings. When it has finished, close the window by clicking "Exit" at the bottom.
Lobeda
Posted - 22 Sep 2009 : 12:39:06
Hi Eric, here is the requested log file. The PC is still very slow during startup; is there a connection with viruses, or has CCleaner/RegSeeker removed a bit too much? Thanks for checking, and regards.
ComboFix 09-09-21.01 - Francois 22/09/2009 11:12.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1043.18.255.111 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Francois\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\gebruiker 1\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\gebruiker 1\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\documents and settings\gebruiker 2\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\gebruiker 2\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\windows\exefld
c:\windows\Installer\247678d.msi
c:\windows\Installer\2fcb67f.msi
c:\windows\Installer\526f8.msi
c:\windows\Installer\a4a71.msi
c:\windows\system32\AutoRun.inf
c:\windows\version.txt

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-08-22 to 2009-09-22 ))))))))))))))))))))))))))))))
.

2009-09-16 19:39 . 2009-09-16 19:39 -------- d-----w- c:\documents and settings\gebruiker 2\Application Data\Malwarebytes
2009-09-14 21:39 . 2009-09-14 21:39 -------- d-----w- C:\programme
2009-09-14 20:33 . 2009-09-15 12:00 -------- d--h--r- c:\documents and settings\gebruiker 1\Onlangs geopend
2009-09-14 14:45 . 2009-09-14 14:48 -------- d-----w- c:\documents and settings\gebruiker 1\Local Settings\Application Data\jZip
2009-09-14 14:44 . 2009-09-14 14:45 -------- d-----w- c:\program files\jZip
2009-09-14 10:30 . 2009-09-14 10:30 -------- d-----w- c:\documents and settings\gebruiker 1\Application Data\Office Genuine Advantage
2009-09-14 09:38 . 2009-02-15 22:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-09-14 09:38 . 2009-02-15 22:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-09-14 09:37 . 2009-02-15 22:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-09-14 09:37 . 2009-09-14 09:38 -------- d-----w- c:\windows\system32\ZoneLabs
2009-09-14 09:37 . 2009-09-14 09:37 -------- d-----w- c:\program files\Zone Labs
2009-09-13 08:36 . 2009-09-13 08:36 -------- d-----w- c:\program files\microsoft frontpage
2009-09-12 10:41 . 2009-09-12 11:41 -------- d-----w- c:\documents and settings\gebruiker 1\DoctorWeb
2009-09-12 08:42 . 2009-09-12 08:42 -------- d-----w- c:\documents and settings\gebruiker 1\Application Data\Malwarebytes
2009-09-12 08:42 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 08:42 . 2009-09-12 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-12 08:42 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-12 08:42 . 2009-09-12 08:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 16:20 . 2009-09-12 09:58 -------- d-----w- C:\$AVG8.VAULT$
2009-09-11 13:48 . 2009-09-11 13:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-11 13:48 . 2009-09-11 13:48 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-11 13:48 . 2009-09-11 13:48 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-11 13:47 . 2009-09-22 08:53 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-11 13:46 . 2009-09-11 13:46 -------- d-----w- c:\program files\AVG
2009-09-11 13:46 . 2009-09-11 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-11 13:39 . 2009-09-11 13:39 -------- d-----w- c:\documents and settings\gebruiker 1\Application Data\AVG8
2009-09-11 12:49 . 2009-09-11 12:49 -------- d-----w- c:\program files\CCleaner
2009-09-11 12:28 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-11 10:18 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-11 10:12 . 2009-09-11 10:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-11 10:11 . 2009-09-11 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-11 09:38 . 2006-04-06 11:15 8192 ----a-r- c:\windows\system32\drivers\rt2661.bin
2009-09-11 09:38 . 2006-04-06 11:15 8192 ----a-r- c:\windows\system32\drivers\rt2561s.bin
2009-09-11 09:38 . 2006-04-06 11:15 8192 ----a-r- c:\windows\system32\drivers\rt2561.bin
2009-09-11 09:38 . 2006-04-06 11:15 8192 ----a-r- c:\windows\system\rt2661.bin
2009-09-11 09:38 . 2006-04-06 11:15 8192 ----a-r- c:\windows\system\rt2561s.bin
2009-09-11 09:38 . 2006-04-06 11:15 8192 ----a-r- c:\windows\system\rt2561.bin
2009-09-11 09:38 . 2005-11-16 00:21 2048 ----a-w- c:\windows\system32\drivers\rt73.bin
2009-09-11 09:38 . 2005-11-16 00:21 2048 ----a-w- c:\windows\system\rt73.bin
2009-09-11 09:09 . 2009-09-11 09:19 -------- d-----w- c:\program files\D-Link
2009-09-11 09:07 . 2005-11-03 18:39 245504 ----a-w- c:\windows\system32\drivers\Dr71WU.sys
2009-09-11 08:56 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-09-11 08:56 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-11 08:56 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-09-11 08:56 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-11 08:55 . 2001-09-06 18:47 18176 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-09-11 08:55 . 2001-09-06 18:47 18176 ----a-w- c:\windows\system32\drivers\sermouse.sys
2009-09-08 17:33 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-04 11:47 . 2009-09-04 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-04 11:47 . 2009-09-04 11:47 -------- d-----w- c:\documents and settings\gebruiker 1\Local Settings\Application Data\TomTom
2009-09-04 11:47 . 2009-09-04 11:47 -------- d-----w- c:\documents and settings\gebruiker 1\Application Data\TomTom
2009-09-04 11:47 . 2009-09-04 11:47 -------- d-----w- c:\program files\TomTom International B.V
2009-09-04 11:46 . 2009-09-04 11:46 -------- d-----w- c:\program files\TomTom HOME 2
2009-09-04 11:31 . 2009-09-04 11:44 -------- d-----w- c:\program files\TomTom HOME

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-09-15 15:14 . 2003-10-10 17:14 1768 -c--a-w- c:\windows\EntPack.dat
2009-09-14 20:13 . 2005-04-16 13:30 -------- d-----w- c:\program files\ToniArts
2009-09-14 17:11 . 2008-05-18 13:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-14 16:16 . 2005-12-05 17:13 -------- d-----w- c:\program files\Winamp
2009-09-14 15:41 . 2009-03-28 16:32 -------- d-----w- c:\program files\Common Files\Real
2009-09-14 14:10 . 2005-04-16 13:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-14 13:06 . 2001-09-07 12:00 69380 ----a-w- c:\windows\system32\perfc013.dat
2009-09-14 13:06 . 2001-09-07 12:00 442004 ----a-w- c:\windows\system32\perfh013.dat
2009-09-14 12:53 . 2005-04-16 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-14 12:41 . 2003-10-08 15:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 09:38 . 2006-02-19 10:10 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
2009-09-11 16:20 . 2004-09-22 17:57 -------- d-----w- c:\program files\Messenger Plus! 3
2009-09-11 13:48 . 2007-02-12 11:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-11 10:11 . 2003-10-08 16:47 -------- d-----w- c:\program files\Lavasoft
2009-09-11 09:04 . 2004-11-02 15:11 -------- d-----w- c:\documents and settings\gebruiker 1\Application Data\Lavasoft
2009-08-05 09:07 . 2005-07-30 12:24 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01 . 2002-09-09 12:07 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2004-08-04 08:03 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-01 21:15 . 2008-03-24 14:04 155236 ----a-w- c:\windows\hpoins21.dat
2009-06-26 16:20 . 2006-06-23 12:29 662528 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:20 . 2004-08-04 08:03 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-25 18:37 . 2002-09-09 12:07 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2002-09-09 12:07 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2002-09-09 12:07 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2002-09-09 12:07 504832 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2002-09-09 12:07 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2002-09-09 12:07 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2002-09-09 12:07 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2002-09-09 12:07 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:37 . 2001-09-07 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2001-09-07 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2001-09-07 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2001-09-07 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:48 . 2005-06-15 17:52 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:48 . 2002-09-09 12:08 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:48 . 2002-09-09 12:08 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:48 . 2002-09-09 12:07 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:48 . 2002-09-09 12:07 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:48 . 2001-09-07 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-11 2007832]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"Motive SmartBridge"="c:\progra~1\TELENE~1\SMARTB~1\MotiveSB.exe" [2004-04-07 385024]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-30 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\gebruiker 2\Menu Start\Programma's\Opstarten\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-11-22 261120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-11 13:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/09/2009 12:18 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/09/2009 15:48 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/09/2009 15:48 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/09/2009 15:46 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/09/2009 15:46 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/07/2009 16:49 1029456]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17:05 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2009-09-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://ie.search.msn.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Openen in een nieuwe achtergrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?23151649e81549c081b88376e0473c9d
IE: Openen in een nieuwe voorgrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?23151649e81549c081b88376e0473c9d
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-MessengerPlus3 - c:\program files\Messenger Plus! 3\MsgPlus.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-LucasArts' Star Wars: Episode I Racer - c:\program files\LucasArts\RACER\DeIsL1.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 11:56
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????F?
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-09-22 12:03
ComboFix-quarantined-files.txt 2009-09-22 10:03

Pre-Run: 36.129.435.648 bytes beschikbaar
Post-Run: 37.460.869.120 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
209 --- E O F --- 2009-09-15 06:39
Eric U
Posted - 20 Sep 2009 : 19:24:26
Download ComboFix to your Desktop and use it according to this guide. NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again. Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!
[*]Double-click Combofix.exe to start it.
[*]If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to update.
[*]Click OK in the "NirCmd" window.
[*]If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
[*]Click OK and Yes to have the Recovery Console installed automatically.
[*]Afterwards, click Yes again to start the malware scan.
[*]While the fix is running, do NOT click in the window, as this will make your PC hang.
[*]When the fix is complete and after the restart, the log Combofix.txt will open. Post this log in your next reply.
Lobeda
Posted - 16 Sep 2009 : 22:24:56
Eric, here are the requested logs.

Malwarebytes' Anti-Malware 1.41
Database version: 2784
Windows 5.1.2600 Service Pack 2

16/09/2009 22:21:33
mbam-log-2009-09-16 (22-21-33).txt

Scan type: Quick Scan
Objects scanned: 152458
Time elapsed: 39 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:58, on 16/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\windows\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\gebruiker 1\Mijn documenten\WILLY\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-1229272821-813497703-1343024091-1003\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart (User 'Francois')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?175036b766174d33b8ecea2dfdec5db3
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?175036b766174d33b8ecea2dfdec5db3
O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- End of file - 6255 bytes
Eric U
Posted - 16 Sep 2009 : 20:03:29
Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Close all windows except HijackThis. Click 'Fix checked' to remove the items.

Download MalwareBytes' Anti-Malware and save it to your desktop. Double-click mbam-setup.exe to install the program.
Make sure that after the installation a checkmark is placed next to:
[*]Update MalwareBytes' Anti-Malware
[*]Launch MalwareBytes' Anti-Malware
Then click "Finish". If an update is found, it will be downloaded and installed.
[*]Once the program has started, go to the "Settings" tab.
[*]Tick: "Close Internet Explorer during malware removal".
[*]Then go to the "Scanner" tab and choose "Quick Scan".
[*]Then press "Scan" to start the scan.
[*]The scan can take a while, so be patient.
[*]When the scan is complete, click OK, then "View Results" to see the results.
[*]Make sure everything there is checked, then click "Remove Selected".
[*]After the removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
Post this log together with a new HijackThis log.
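The items Eric U picks out above all share one property in a HijackThis log: the registry still names a component (BHO, toolbar, URLSearchHook, service) whose file is no longer on disk, or a browser setting that is now empty. The script below is an added example, not part of this thread or of HijackThis, that triages a log in this v2.0.2 format and lists exactly those entries; the sample log is constructed from a few entries quoted in the thread, and the section-code regex is my own assumption about the line format.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a few entries in the format of the HijackThis v2.0.2 logs
# quoted in this thread, with header, process-list and end-of-file lines included
# so the parser has to skip them.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
-- End of file - 1234 bytes
"""

# Assumption about the format: every entry starts with a section code
# (R0..R3, F0..F3, O1..O24) followed by " - ". Anything else is header noise.
ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # why the entry is a candidate for 'Fix checked'
    line: str    # the entry exactly as it appears in the log


def triage(log_text: str) -> list[Finding]:
    """Return the entries that reference only things no longer present on disk."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or end-of-file marker
        code, body = m.group("code"), m.group("body")
        if body.endswith("(no file)"):
            # A CLSID is still registered as BHO/toolbar/URLSearchHook but its
            # DLL is gone: a leftover of an uninstalled or already removed add-on.
            findings.append(Finding(code, "registered component whose file is gone", line))
        elif body.endswith("(file missing)"):
            # A service definition whose binary no longer exists.
            findings.append(Finding(code, "service whose binary is gone", line))
        elif code.startswith("R") and body.endswith("="):
            # Browser setting with an empty value, e.g. "Local Page =".
            findings.append(Finding(code, "empty browser setting", line))
    return findings


def count_by_code(findings: list[Finding]) -> dict[str, int]:
    """Summary of how many fix candidates each section code contributes."""
    return dict(Counter(f.code for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<42} {f.line}")
    print(count_by_code(triage(SAMPLE_LOG)))
```

Entries whose target file still exists (the HP BHO, the HTpatch Run key, the Ad-Aware service) are deliberately not reported, since whether those belong on the machine is a judgement call for the helper, not something the log format alone decides.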
Breekpunt.nl - Forum
© 1998-2009 Breekpunt.nl