Posts made by awr

  1. Here is the HijackThis file... I would like to hear from you.

    Thanks!

    awr

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:42:45, on 22-4-2008

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI~1.EXE

    C:\windows\system\hpsysdrv.exe

    C:\PROGRA~1\Java\JRE16~2.0_0\bin\jusched.exe

    C:\HP\KBD\KBD.EXE

    C:\WINDOWS\System32\pctspk.exe

    C:\PROGRA~1\ESET\ESETSM~1\egui.exe

    C:\PROGRA~1\FINEPI~1\QUICKD~1.EXE

    C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe

    C:\PROGRA~1\Sandisk\Common\Bin\WINCIN~1.EXE

    C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\PROGRA~1\INTERN~1\IEXPLORE.EXE

    C:\PROGRA~1\LimeWire\LimeWire.exe

    C:\PROGRA~1\TRENDM~1\HIJACK~1\HIJACK~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ajax Showtime

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    O4 - HKLM\..\Run: [Glock Suite 1.1] C:\WINDOWS\system32\glock32.exe

    O4 - HKLM\..\Run: [fjrjb] rundll32.exe "C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\bbjljffnnjp.drv" WLEntryPoint

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKLM\..\Policies\Explorer\Run: [goolieko] rundll32.exe "C:\WINDOWS\System32\jqpgnatgj.drv" WLEntryPoint

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?

    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe

    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bmdgb.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bmdgb.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll

    O20 - Winlogon Notify: nqdsf - C:\WINDOWS\SYSTEM32\nqdsf.dll

    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --

    End of file - 4820 bytes

  2. The report from SDFix.

    catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-22 10:15:45

    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vtq46]

    "Type"=dword:00000001

    "Tag"=dword:00000001

    "Group"="System Reserved\0Boot Bus Extender\0Security Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"

    "ErrorControl"=dword:00000001

    "Start"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zsqalpdt]

    "Type"=dword:00000001

    "Start"=dword:00000001

    "ErrorControl"=dword:00000000

    "ImagePath"=str(2):"\??\C:\WINDOWS\zsqalpdt.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zsqalpdt\security]

    "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vtq46]

    "Type"=dword:00000001

    "Tag"=dword:00000001

    "Group"="System Reserved\0Boot Bus Extender\0Security Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"

    "ErrorControl"=dword:00000001

    "Start"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zsqalpdt]

    "Type"=dword:00000001

    "Start"=dword:00000001

    "ErrorControl"=dword:00000000

    "ImagePath"=str(2):"\??\C:\WINDOWS\zsqalpdt.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zsqalpdt\security]

    "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\SYSTEM32\drivers\Vtq46.sys 120832 bytes executable

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 19

    The HJT log file will follow in the course of today. Thanks for the help! Really great!

    awr

    Did you start the PC in safe mode? That is where you have to choose Y in runthis.bat.
  3. OK, thanks for the quick reply! I have now got as far as the menu in SDFix's runthis. I can now choose from a, b, c, d, 1, 2, 3 and 4. If I type Y, the window closes and nothing happens. Could you clarify this for me a bit more?

    Thanks in advance!

    awr

    Download SDFix and click "Run".

    Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: e404 helper - {c03fd59d-9104-44b7-929a-9eaa0ba05211} - C:\Program Files\Helper\1208510662.dll

    O2 - BHO: Min stor proj. - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - msindc.dll (file missing)

    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe

    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Eigenaar\cftmon.exe

    O4 - HKLM\..\Run: [advap32] c:\dgfus.exe/r

    O4 - HKLM\..\Run: [nmdorels] rundll32.exe "C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\ahsjmlkf.dll" WLEntryPoint

    O4 - HKCU\..\Run: [PnPUI Registrator] "C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe" -s

    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe

    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Eigenaar\cftmon.exe

    O4 - HKCU\..\Run: [WintelUpdate] C:\keawaia.exe

    O4 - HKLM\..\Policies\Explorer\Run: [ralgjihg] rundll32.exe "C:\WINDOWS\System32\jqpgnatgj.drv" WLEntryPoint

    O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')

    O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bmdgb.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bmdgb.dll

    O20 - Winlogon Notify: nqdsf - C:\WINDOWS\SYSTEM32\nqdsf.dll

    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll

    O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe

    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

    Click 'Fix checked' to remove the items.

    Restart your PC in safe mode.

    Open the SDFix folder and double-click RunThis.bat to start the tool.

    Type Y to start the cleanup process.

    Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.

    The computer will then restart (this takes longer than usual).

    When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.

    When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

    Start your PC again in normal mode.

    Paste the contents of that SDFix report here together with a new HJT log.

  4. Hello Kape,

    I just read your previous message, so that is why I am now starting it in this forum. Here is my log file. Hopefully you have a moment; it would help enormously.

    Thanks in advance

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:36:13, on 21-4-2008

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\rundll32.exe

    C:\WINDOWS\System32\pctspk.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\PROGRA~1\ESET\ESETSM~1\egui.exe

    C:\PROGRA~1\Java\JRE16~2.0_0\bin\jusched.exe

    C:\keawaia.exe

    C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI~1.EXE

    C:\WINDOWS\system32\glock32.exe

    C:\WINDOWS\system32\drivers\spools.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\Sandisk\Common\Bin\WINCIN~1.EXE

    C:\Program Files\FinePixViewer\QuickDCF2.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\TRENDM~1\HIJACK~1\HIJACK~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ajax Showtime

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: e404 helper - {c03fd59d-9104-44b7-929a-9eaa0ba05211} - C:\Program Files\Helper\1208510662.dll

    O2 - BHO: Min stor proj. - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - msindc.dll (file missing)

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe

    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Eigenaar\cftmon.exe

    O4 - HKLM\..\Run: [advap32] c:\dgfus.exe/r

    O4 - HKLM\..\Run: [nmdorels] rundll32.exe "C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\ahsjmlkf.dll" WLEntryPoint

    O4 - HKLM\..\Run: [Glock Suite 1.1] C:\WINDOWS\system32\glock32.exe

    O4 - HKCU\..\Run: [PnPUI Registrator] "C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe" -s

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe

    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Eigenaar\cftmon.exe

    O4 - HKCU\..\Run: [WintelUpdate] C:\keawaia.exe

    O4 - HKLM\..\Policies\Explorer\Run: [ralgjihg] rundll32.exe "C:\WINDOWS\System32\jqpgnatgj.drv" WLEntryPoint

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')

    O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')

    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?

    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe

    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bmdgb.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bmdgb.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll

    O20 - Winlogon Notify: nqdsf - C:\WINDOWS\SYSTEM32\nqdsf.dll

    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll

    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

    --

    End of file - 6032 bytes

  5. Hello,

    I have had good experiences with this site, so I am now helping someone else whose PC is very slow. Hence my log file. Could someone take a look at it?

    Thanks in advance

    Kind regards,

    awr

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\UAService7.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

    C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    C:\WINDOWS\vsnpstd2.exe

    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\TomTom HOME 2\HOMERunner.exe

    C:\Program Files\palmOne\HOTSYNC.EXE

    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

    C:\Program Files\Skype\Plugin Manager\SkypePM.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchba.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

    O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun

    O4 - HKLM\..\Run: [stopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus

    O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\RunOnce: [stopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro

    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?6c985e02f75947a683f08f5c80276ec5

    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?6c985e02f75947a683f08f5c80276ec5

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158608568250

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --

    End of file - 10092 bytes

  6. Many thanks for your information,

    Here is another HJT log file. It took a while, but unfortunately I was not at home and so was away from my PC.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:30:55, on 2-1-2008

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\WINDOWS\System32\pctspk.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Program Files\ESET\ESET Smart Security\egui.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

    C:\Program Files\FinePixViewer\QuickDCF2.exe

    C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKCU\..\Run: [PnPUI Registrator] "C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe" -s

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?

    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe

    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll

    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --

    End of file - 4588 bytes

  7. hello, (again)

    I have now downloaded ESET and run it, successfully, because I am no longer bothered by pop-ups. I can only use this version for 1 more day; do I have to extend it, or can I simply carry on with a free version of Avast? I would also like to know whether it is now really off my PC, so that I can carry out personal tasks such as online banking again. I think this is my last question.

    thanks in advance

    awr

  8. that little logo with that particular exclamation mark is, I believe, the one from Windows itself.

    and so it always appears when there is spyware etc. in the system.

    try booting into safe mode once more and then scanning again with anti-spyware programs

    when I click the icon I get a program called antispy golden; I don't know whether this is the right remover. I doubt it.

    thanks for your tip anyway.

    awr

  9. icon4.gif yannick....

    it has already become a lot less, and I am terribly happy about that!

    still, the little symbol above keeps flickering constantly in my taskbar and tells me that there is an i.worm virus and a spybot mxd or something like that on my computer. I have run Hitman Pro and Avast, but neither can fix this. if you have a moment, I would like to hear from you. I now know how busy you are, so take your time.

    many thanks in advance

    awr

  10. Logfile of Trend Micro HijackThis v2.0.2

    well, I did what you told me, but this is a lot. I don't understand any of it, but hopefully you know more about it??

    Scan saved at 17:24:56, on 16-11-2007

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\Program Files\Online Add-on\icthis.exe

    C:\Program Files\Online Add-on\isfmntr.exe

    C:\windows\system\hpsysdrv.exe

    C:\HP\KBD\KBD.EXE

    C:\WINDOWS\System32\pctspk.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

    C:\Program Files\FinePixViewer\QuickDCF2.exe

    C:\Program Files\Online Add-on\icmntr.exe

    C:\Program Files\Online Add-on\isfmm.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\a-squared Free\a2service.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\LimeWire\LimeWire.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Online Add-on\isfmdl.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [PnPUI Registrator] "C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe" -s

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe

    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?

    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe

    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll

    O22 - SharedTaskScheduler: bifurcately - {de313bc7-422a-4344-a9aa-3e703922345c} - C:\WINDOWS\System32\aghmao.dll (file missing)

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --

    End of file - 6507 bytes

  11. people,

    I am a student who has a problem with all kinds of annoying warnings.

    these tell me that my PC has a virus and that I have to download certain programs that I don't trust and that look shady. a small triangle is blinking in my taskbar; it appears every 5 min. does anyone have experience with this, and can someone please help me with it!?

    thanks in advance awr

    *QlimaX: I have just moved your post here*
